cvelistv5 - CVE-2024-6333

CVE-2024-6333 (GCVE-0-2024-6333)

Vulnerability from cvelistv5

Published

2024-10-17 13:51

Modified

2025-09-17 16:52

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Summary

Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.

References

▼	URL	Tags
	10b61619-3869-496c-8a1e-f291b0e71e3f	https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf
	af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2024/Oct/17

Impacted products

Vendor

Product

Version

▼

Xerox

AltaLink® B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807

Version: 103.xxx.024.18600 <

Xerox	Xerox® EC8036 / EC8056	Version: 103.xxx.024.18600
Xerox	Xerox® EC8036 / EC8056 - Common Criteria (June 2022)	Version: 103.023.031.35105
Xerox	Xerox® EC8036 / EC8056 - Common Criteria (June 2024)	Version: 103.xxx.013.14115
Xerox	AltaLink®C8130 / C8135 / C8145 / C8155 / C8170 \| B8145 / B8155 / B8170 Common Criteria (Aug 2024)	Version: 119.xxx.023.13006
Xerox	AltaLink® C8130 / C8135 / C8145 / C8155 / C8170 \| B8145 / B8155 / B8170 Common Criteria Certified (Aug 2023)	Version: 111.xxx.003.11600
Xerox	VersaLink® B625 / C625 \| B425 / C425 Common Criteria Certified (2024)	Version: 119.xxx.003.11705
Xerox	WorkCentre 3655/3655i	Version: 075.060.004.07810
Xerox	WorkCentre 5945/55i	Version: 075.091.004.07810
Xerox	WorkCentre 6655/6655i	Version: 075.110.004.07810
Xerox	WorkCentre 7220/7225i	Version: 075.030.004.07810
Xerox	WorkCentre 7830/7835i	Version: 075.010 004.07810
Xerox	WorkCentre 7845/7855i	Version: 075.040.004.07810
Xerox	WorkCentre 7845/7855 (IBG)	Version: 075.080.004.07810
Xerox	WorkCentre 7970/7970i	Version: 075.200.004.07810
Xerox	WorkCentre EC7836	Version: 075.050.004.07810
Xerox	WorkCentre EC7856	Version: 075.020.004.07810

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:xerox:altalink_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "altalink_firmware",
            "vendor": "xerox",
            "versions": [
              {
                "lessThan": "103.xxx.024.18600",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "119.xxx.023.13006",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "111.xxx.003.11600",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:xerox:versalink_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "versalink_firmware",
            "vendor": "xerox",
            "versions": [
              {
                "lessThan": "119.xxx.003.11705",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:xerox:workcentre_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "workcentre_firmware",
            "vendor": "xerox",
            "versions": [
              {
                "lessThan": "075.060.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.091.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.110.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.030.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.010 004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.040.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.080.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.200.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.050.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.020.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:xerox:xerox_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xerox_firmware",
            "vendor": "xerox",
            "versions": [
              {
                "lessThan": "103.xxx.024.18600",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "103.023.031.35105",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "103.xxx.013.14115",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6333",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T18:32:51.988456Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T19:19:55.218Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-29T05:02:50.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/17"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AltaLink\u00ae B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "103.xxx.024.18600",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Xerox\u00ae EC8036 / EC8056",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "103.xxx.024.18600"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Xerox\u00ae EC8036 / EC8056 - Common Criteria (June 2022)",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "103.023.031.35105"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Xerox\u00ae EC8036 / EC8056 - Common Criteria (June 2024)",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "103.xxx.013.14115"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AltaLink\u00aeC8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria (Aug 2024)",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "119.xxx.023.13006"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AltaLink\u00ae C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria Certified (Aug 2023)",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "111.xxx.003.11600"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VersaLink\u00ae B625 / C625 | B425 / C425 Common Criteria Certified (2024)",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "119.xxx.003.11705"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 3655/3655i",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.060.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 5945/55i",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.091.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 6655/6655i",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.110.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 7220/7225i",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.030.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 7830/7835i",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.010 004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 7845/7855i",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.040.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 7845/7855 (IBG)",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.080.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 7970/7970i",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.200.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre EC7836",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.050.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre EC7856",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.020.004.07810"
            }
          ]
        }
      ],
      "datePublic": "2024-10-16T13:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authenticated Remote Code Execution in Altalink, Versalink \u0026amp; WorkCentre Products."
            }
          ],
          "value": "Authenticated Remote Code Execution in Altalink, Versalink \u0026 WorkCentre Products."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-253",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-253 Remote Code Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-17T16:52:52.859Z",
        "orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
        "shortName": "Xerox"
      },
      "references": [
        {
          "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authenticated Remote Code Execution in Altalink, Versalink \u0026 WorkCentre Products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
    "assignerShortName": "Xerox",
    "cveId": "CVE-2024-6333",
    "datePublished": "2024-10-17T13:51:16.011Z",
    "dateReserved": "2024-06-25T18:31:05.065Z",
    "dateUpdated": "2025-09-17T16:52:52.859Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-6333\",\"sourceIdentifier\":\"10b61619-3869-496c-8a1e-f291b0e71e3f\",\"published\":\"2024-10-17T14:15:14.287\",\"lastModified\":\"2025-09-17T17:15:42.047\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Authenticated Remote Code Execution in Altalink, Versalink \u0026 WorkCentre Products.\"},{\"lang\":\"es\",\"value\":\"Ejecuci\u00f3n remota de c\u00f3digo autenticada en Altalink, Versalink \u0026amp; WorkCentre Products. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"10b61619-3869-496c-8a1e-f291b0e71e3f\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"10b61619-3869-496c-8a1e-f291b0e71e3f\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"},{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf\",\"source\":\"10b61619-3869-496c-8a1e-f291b0e71e3f\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/Oct/17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://seclists.org/fulldisclosure/2024/Oct/17\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-10-29T05:02:50.054Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-6333\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-25T18:32:51.988456Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:xerox:altalink_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"xerox\", \"product\": \"altalink_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"103.xxx.024.18600\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"119.xxx.023.13006\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"111.xxx.003.11600\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:xerox:versalink_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"xerox\", \"product\": \"versalink_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"119.xxx.003.11705\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:xerox:workcentre_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"xerox\", \"product\": \"workcentre_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"075.060.004.07810\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"075.091.004.07810\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"075.110.004.07810\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"075.030.004.07810\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"075.010 004.07810\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"075.040.004.07810\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"075.080.004.07810\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"075.200.004.07810\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"075.050.004.07810\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"075.020.004.07810\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:xerox:xerox_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"xerox\", \"product\": \"xerox_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"103.xxx.024.18600\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"103.023.031.35105\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"103.xxx.013.14115\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-21T19:07:14.743Z\"}}], \"cna\": {\"title\": \"Authenticated Remote Code Execution in Altalink, Versalink \u0026 WorkCentre Products\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-253\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-253 Remote Code Inclusion\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Xerox\", \"product\": \"AltaLink\\u00ae B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807\", \"versions\": [{\"status\": \"affected\", \"version\": \"103.xxx.024.18600\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"Xerox\\u00ae EC8036 / EC8056\", \"versions\": [{\"status\": \"affected\", \"version\": \"103.xxx.024.18600\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"Xerox\\u00ae EC8036 / EC8056 - Common Criteria (June 2022)\", \"versions\": [{\"status\": \"affected\", \"version\": \"103.023.031.35105\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"Xerox\\u00ae EC8036 / EC8056 - Common Criteria (June 2024)\", \"versions\": [{\"status\": \"affected\", \"version\": \"103.xxx.013.14115\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"AltaLink\\u00aeC8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria (Aug 2024)\", \"versions\": [{\"status\": \"affected\", \"version\": \"119.xxx.023.13006\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"AltaLink\\u00ae C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria Certified (Aug 2023)\", \"versions\": [{\"status\": \"affected\", \"version\": \"111.xxx.003.11600\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"VersaLink\\u00ae B625 / C625 | B425 / C425 Common Criteria Certified (2024)\", \"versions\": [{\"status\": \"affected\", \"version\": \"119.xxx.003.11705\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"WorkCentre 3655/3655i\", \"versions\": [{\"status\": \"affected\", \"version\": \"075.060.004.07810\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"WorkCentre 5945/55i\", \"versions\": [{\"status\": \"affected\", \"version\": \"075.091.004.07810\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"WorkCentre 6655/6655i\", \"versions\": [{\"status\": \"affected\", \"version\": \"075.110.004.07810\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"WorkCentre 7220/7225i\", \"versions\": [{\"status\": \"affected\", \"version\": \"075.030.004.07810\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"WorkCentre 7830/7835i\", \"versions\": [{\"status\": \"affected\", \"version\": \"075.010 004.07810\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"WorkCentre 7845/7855i\", \"versions\": [{\"status\": \"affected\", \"version\": \"075.040.004.07810\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"WorkCentre 7845/7855 (IBG)\", \"versions\": [{\"status\": \"affected\", \"version\": \"075.080.004.07810\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"WorkCentre 7970/7970i\", \"versions\": [{\"status\": \"affected\", \"version\": \"075.200.004.07810\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"WorkCentre EC7836\", \"versions\": [{\"status\": \"affected\", \"version\": \"075.050.004.07810\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Xerox\", \"product\": \"WorkCentre EC7856\", \"versions\": [{\"status\": \"affected\", \"version\": \"075.020.004.07810\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-10-16T13:46:00.000Z\", \"references\": [{\"url\": \"https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Authenticated Remote Code Execution in Altalink, Versalink \u0026 WorkCentre Products.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Authenticated Remote Code Execution in Altalink, Versalink \u0026amp; WorkCentre Products.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-77\", \"description\": \"CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"10b61619-3869-496c-8a1e-f291b0e71e3f\", \"shortName\": \"Xerox\", \"dateUpdated\": \"2025-09-17T16:52:52.859Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-6333\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-17T16:52:52.859Z\", \"dateReserved\": \"2024-06-25T18:31:05.065Z\", \"assignerOrgId\": \"10b61619-3869-496c-8a1e-f291b0e71e3f\", \"datePublished\": \"2024-10-17T13:51:16.011Z\", \"assignerShortName\": \"Xerox\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

wid-sec-w-2024-3214

Vulnerability from csaf_certbund

Published

2024-10-15 22:00

Modified

2024-10-15 22:00

Summary

Xerox WorkCentre: Schwachstelle ermöglicht Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Unter der Xerox WorkCentre Produktlinie sind Multifunktions Netzwerkdrucker zusammengefasst.

Angriff

Ein entfernter Angreifer kann eine Schwachstelle in Xerox WorkCentre ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Unter der Xerox WorkCentre Produktlinie sind Multifunktions Netzwerkdrucker zusammengefasst.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Angreifer kann eine Schwachstelle in Xerox WorkCentre ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3214 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3214.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3214 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3214"
      },
      {
        "category": "external",
        "summary": "Xerox Security Bulletin vom 2024-10-15",
        "url": "https://security.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-CVE-2024-6333.pdf"
      }
    ],
    "source_lang": "en-US",
    "title": "Xerox WorkCentre: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2024-10-15T22:00:00.000+00:00",
      "generator": {
        "date": "2024-10-16T11:15:14.325+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-3214",
      "initial_release_date": "2024-10-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Xerox WorkCentre",
            "product": {
              "name": "Xerox WorkCentre",
              "product_id": "T005328",
              "product_identification_helper": {
                "cpe": "cpe:/h:xerox:workcentre:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-6333",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Xerox WorkCentre. Dieser Fehler wurde noch nicht im Detail ver\u00f6ffentlicht. Ein entfernter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005328"
        ]
      },
      "release_date": "2024-10-15T22:00:00.000+00:00",
      "title": "CVE-2024-6333"
    }
  ]
}

WID-SEC-W-2024-3214

Vulnerability from csaf_certbund

Published

2024-10-15 22:00

Modified

2024-10-15 22:00

Summary

Xerox WorkCentre: Schwachstelle ermöglicht Codeausführung

Notes

Produktbeschreibung

Unter der Xerox WorkCentre Produktlinie sind Multifunktions Netzwerkdrucker zusammengefasst.

Angriff

Ein entfernter Angreifer kann eine Schwachstelle in Xerox WorkCentre ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Unter der Xerox WorkCentre Produktlinie sind Multifunktions Netzwerkdrucker zusammengefasst.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Angreifer kann eine Schwachstelle in Xerox WorkCentre ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3214 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3214.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3214 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3214"
      },
      {
        "category": "external",
        "summary": "Xerox Security Bulletin vom 2024-10-15",
        "url": "https://security.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-CVE-2024-6333.pdf"
      }
    ],
    "source_lang": "en-US",
    "title": "Xerox WorkCentre: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2024-10-15T22:00:00.000+00:00",
      "generator": {
        "date": "2024-10-16T11:15:14.325+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-3214",
      "initial_release_date": "2024-10-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Xerox WorkCentre",
            "product": {
              "name": "Xerox WorkCentre",
              "product_id": "T005328",
              "product_identification_helper": {
                "cpe": "cpe:/h:xerox:workcentre:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-6333",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Xerox WorkCentre. Dieser Fehler wurde noch nicht im Detail ver\u00f6ffentlicht. Ein entfernter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005328"
        ]
      },
      "release_date": "2024-10-15T22:00:00.000+00:00",
      "title": "CVE-2024-6333"
    }
  ]
}

fkie_cve-2024-6333

Vulnerability from fkie_nvd

Published

2024-10-17 14:15

Modified

2025-09-17 17:15

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.

References

▼	URL	Tags
	10b61619-3869-496c-8a1e-f291b0e71e3f	https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf
	af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2024/Oct/17

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated Remote Code Execution in Altalink, Versalink \u0026 WorkCentre Products."
    },
    {
      "lang": "es",
      "value": "Ejecuci\u00f3n remota de c\u00f3digo autenticada en Altalink, Versalink \u0026amp; WorkCentre Products. "
    }
  ],
  "id": "CVE-2024-6333",
  "lastModified": "2025-09-17T17:15:42.047",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-17T14:15:14.287",
  "references": [
    {
      "source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
      "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/17"
    }
  ],
  "sourceIdentifier": "10b61619-3869-496c-8a1e-f291b0e71e3f",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        },
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
      "type": "Secondary"
    }
  ]
}

ghsa-8xf6-75qf-44g2

Vulnerability from github

Published

2024-10-17 15:31

Modified

2025-09-17 18:31

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-6333"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-17T14:15:14Z",
    "severity": "HIGH"
  },
  "details": "Authenticated Remote Code Execution in Altalink, Versalink \u0026 WorkCentre Products.",
  "id": "GHSA-8xf6-75qf-44g2",
  "modified": "2025-09-17T18:31:16Z",
  "published": "2024-10-17T15:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6333"
    },
    {
      "type": "WEB",
      "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/17"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-6333 (GCVE-0-2024-6333)

Vulnerability from cvelistv5

wid-sec-w-2024-3214

Vulnerability from csaf_certbund

WID-SEC-W-2024-3214

Vulnerability from csaf_certbund

fkie_cve-2024-6333

Vulnerability from fkie_nvd

ghsa-8xf6-75qf-44g2

Vulnerability from github

Tags

Sightings

Nomenclature