Vulnerability-Lookup

BDU:2024-08747

Vulnerability from fstec - Published: 14.12.2023

Title

Уязвимость микропрограммного обеспечения многофункциональных устройств (МФУ) Xerox Altalink, Versalink и WorkCentre, связанная с непринятием мер по нейтрализации специальных элементов, используемых в команде операционной системы, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость микропрограммного обеспечения многофункциональных устройств (МФУ) Xerox Altalink, Versalink и WorkCentre связана с непринятием мер по нейтрализации специальных элементов, используемых в команде операционной системы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код в операционной системе МФУ с root-привилегиями путём внедрения специально сформированной команды

Severity ?


                    
                      AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vendor

Xerox Corporation

Software Name

AltaLink B8045, AltaLink B8055, AltaLink B8065, AltaLink B8075, AltaLink B8090, AltaLink C8030, AltaLink C8035, AltaLink C8045, AltaLink C8055, AltaLink C8070, EC8036, EC8056, AltaLink B8145, AltaLink B8155, AltaLink B8170, AltaLink C8130, AltaLink C8135, AltaLink C8145, AltaLink C8155, AltaLink C8170, VersaLink B625, VersaLink C625, VersaLink B415, VersaLink C415, WorkCentre 3655, WorkCentre 3655i, WorkCentre 5945, WorkCentre 55i, WorkCentre 6655, WorkCentre 6655i, WorkCentre 7220, WorkCentre 7225i, WorkCentre 7830, WorkCentre 7835i, WorkCentre 7845, WorkCentre 7855i, WorkCentre 7855, WorkCentre 7970, WorkCentre 7970i, WorkCentre EC7836, WorkCentre EC7856

Software Version

до 103.xxx.024.18600 866140v3 (AltaLink B8045), до 103.xxx.024.18600 866140v3 (AltaLink B8055), до 103.xxx.024.18600 866140v3 (AltaLink B8065), до 103.xxx.024.18600 866140v3 (AltaLink B8075), до 103.xxx.024.18600 866140v3 (AltaLink B8090), до 103.xxx.024.18600 866140v3 (AltaLink C8030), до 103.xxx.024.18600 866140v3 (AltaLink C8035), до 103.xxx.024.18600 866140v3 (AltaLink C8045), до 103.xxx.024.18600 866140v3 (AltaLink C8055), до 103.xxx.024.18600 866140v3 (AltaLink C8070), до 103.xxx.024.18600 872818v3 (EC8036), до 103.xxx.024.18600 872818v3 (EC8056), до 119.xxx.023.13006 869829v3 (AltaLink B8145), до 119.xxx.023.13006 869829v3 (AltaLink B8155), до 119.xxx.023.13006 869829v3 (AltaLink B8170), до 111.xxx.003.11600 869827v3 (AltaLink C8130), до 111.xxx.003.11600 869827v3 (AltaLink C8135), до 111.xxx.003.11600 869827v3 (AltaLink C8145), до 111.xxx.003.11600 869827v3 (AltaLink C8155), до 111.xxx.003.11600 869827v3 (AltaLink C8170), до 119.xxx.003.11705 869818v3 (VersaLink B625), до 119.xxx.003.11705 869818v3 (VersaLink C625), до 119.xxx.003.11705 869818v3 (VersaLink B415), до 119.xxx.003.11705 869818v3 (VersaLink C415), до 075.060.004.07810 (WorkCentre 3655), до 075.060.004.07810 (WorkCentre 3655i), до 075.091.004.07810 (WorkCentre 5945), до 075.091.004.07810 (WorkCentre 55i), до 075.110.004.07810 (WorkCentre 6655), до 075.110.004.07810 (WorkCentre 6655i), до 075.030.004.07810 (WorkCentre 7220), до 075.030.004.07810 (WorkCentre 7225i), до 075.010 004.07810 (WorkCentre 7830), до 075.010 004.07810 (WorkCentre 7835i), до 075.040.004.07810 (WorkCentre 7845), до 075.040.004.07810 (WorkCentre 7855i), до 075.080.004.07810 (WorkCentre 7845), до 075.080.004.07810 (WorkCentre 7855), до 075.200.004.07810 (WorkCentre 7970), до 075.200.004.07810 (WorkCentre 7970i), до 075.050.004.07810 (WorkCentre EC7836), до 075.020.004.07810 (WorkCentre EC7856), до 119.xxx.023.13006 869829v3 (AltaLink C8130), до 119.xxx.023.13006 869829v3 (AltaLink C8135), до 119.xxx.023.13006 869829v3 (AltaLink C8145), до 119.xxx.023.13006 869829v3 (AltaLink C8155), до 119.xxx.023.13006 869829v3 (AltaLink C8170)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - использование средств межсетевого экранирования для ограничения удалённого доступа к устройствам; - ограничение доступа из внешних сетей (Интернет); - отключение/удаление неиспользуемых учётных записей пользователей информационной системы, в составе которой функционирует уязвимое устройство; - минимизация привилегий пользователей. Использование рекомендаций: https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf

Reference

https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-in-multiple-xerox-printers/

CWE

CWE-78

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Xerox Corporation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 103.xxx.024.18600 866140v3 (AltaLink B8045), \u0434\u043e 103.xxx.024.18600 866140v3 (AltaLink B8055), \u0434\u043e 103.xxx.024.18600 866140v3 (AltaLink B8065), \u0434\u043e 103.xxx.024.18600 866140v3 (AltaLink B8075), \u0434\u043e 103.xxx.024.18600 866140v3 (AltaLink B8090), \u0434\u043e 103.xxx.024.18600 866140v3 (AltaLink C8030), \u0434\u043e 103.xxx.024.18600 866140v3 (AltaLink C8035), \u0434\u043e 103.xxx.024.18600 866140v3 (AltaLink C8045), \u0434\u043e 103.xxx.024.18600 866140v3 (AltaLink C8055), \u0434\u043e 103.xxx.024.18600 866140v3 (AltaLink C8070), \u0434\u043e 103.xxx.024.18600 872818v3 (EC8036), \u0434\u043e 103.xxx.024.18600 872818v3 (EC8056), \u0434\u043e 119.xxx.023.13006 869829v3 (AltaLink B8145), \u0434\u043e 119.xxx.023.13006 869829v3 (AltaLink B8155), \u0434\u043e 119.xxx.023.13006 869829v3 (AltaLink B8170), \u0434\u043e 111.xxx.003.11600 869827v3 (AltaLink C8130), \u0434\u043e 111.xxx.003.11600 869827v3 (AltaLink C8135), \u0434\u043e 111.xxx.003.11600 869827v3 (AltaLink C8145), \u0434\u043e 111.xxx.003.11600 869827v3 (AltaLink C8155), \u0434\u043e 111.xxx.003.11600 869827v3 (AltaLink C8170), \u0434\u043e 119.xxx.003.11705 869818v3 (VersaLink B625), \u0434\u043e 119.xxx.003.11705 869818v3 (VersaLink C625), \u0434\u043e 119.xxx.003.11705 869818v3 (VersaLink B415), \u0434\u043e 119.xxx.003.11705 869818v3 (VersaLink C415), \u0434\u043e 075.060.004.07810 (WorkCentre 3655), \u0434\u043e 075.060.004.07810 (WorkCentre 3655i), \u0434\u043e 075.091.004.07810 (WorkCentre 5945), \u0434\u043e 075.091.004.07810 (WorkCentre 55i), \u0434\u043e 075.110.004.07810 (WorkCentre 6655), \u0434\u043e 075.110.004.07810 (WorkCentre 6655i), \u0434\u043e 075.030.004.07810 (WorkCentre 7220), \u0434\u043e 075.030.004.07810 (WorkCentre 7225i), \u0434\u043e 075.010 004.07810 (WorkCentre 7830), \u0434\u043e 075.010 004.07810 (WorkCentre 7835i), \u0434\u043e 075.040.004.07810 (WorkCentre 7845), \u0434\u043e 075.040.004.07810 (WorkCentre 7855i), \u0434\u043e 075.080.004.07810 (WorkCentre 7845), \u0434\u043e 075.080.004.07810 (WorkCentre 7855), \u0434\u043e 075.200.004.07810 (WorkCentre 7970), \u0434\u043e 075.200.004.07810 (WorkCentre 7970i), \u0434\u043e 075.050.004.07810 (WorkCentre EC7836), \u0434\u043e 075.020.004.07810 (WorkCentre EC7856), \u0434\u043e 119.xxx.023.13006 869829v3 (AltaLink C8130), \u0434\u043e 119.xxx.023.13006 869829v3 (AltaLink C8135), \u0434\u043e 119.xxx.023.13006 869829v3 (AltaLink C8145), \u0434\u043e 119.xxx.023.13006 869829v3 (AltaLink C8155), \u0434\u043e 119.xxx.023.13006 869829v3 (AltaLink C8170)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u0443\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e;\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.12.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.10.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.10.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-08747",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-6333",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "AltaLink B8045, AltaLink B8055, AltaLink B8065, AltaLink B8075, AltaLink B8090, AltaLink C8030, AltaLink C8035, AltaLink C8045, AltaLink C8055, AltaLink C8070, EC8036, EC8056, AltaLink B8145, AltaLink B8155, AltaLink B8170, AltaLink C8130, AltaLink C8135, AltaLink C8145, AltaLink C8155, AltaLink C8170, VersaLink B625, VersaLink C625, VersaLink B415, VersaLink C415, WorkCentre 3655, WorkCentre 3655i, WorkCentre 5945, WorkCentre 55i, WorkCentre 6655, WorkCentre 6655i, WorkCentre 7220, WorkCentre 7225i, WorkCentre 7830, WorkCentre 7835i, WorkCentre 7845, WorkCentre 7855i, WorkCentre 7855, WorkCentre 7970, WorkCentre 7970i, WorkCentre EC7836, WorkCentre EC7856",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u043d\u043e\u0433\u043e\u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 (\u041c\u0424\u0423) Xerox Altalink, Versalink \u0438 WorkCentre, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b) (CWE-78)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u043d\u043e\u0433\u043e\u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 (\u041c\u0424\u0423) Xerox Altalink, Versalink \u0438 WorkCentre \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u041c\u0424\u0423 \u0441 root-\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u043f\u0443\u0442\u0451\u043c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf\nhttps://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-in-multiple-xerox-printers/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-78",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)"
}

CVE-2024-6333 (GCVE-0-2024-6333)

Vulnerability from cvelistv5 – Published: 2024-10-17 13:51 – Updated: 2025-09-17 16:52

Title

Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products

Summary

Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

Xerox

References

URL

Tags

https://securitydocs.business.xerox.com/wp-conten…

Impacted products

Vendor

Product

Version

Xerox

AltaLink® B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807

Affected: 103.xxx.024.18600 (custom)

Xerox	Xerox® EC8036 / EC8056	Affected: 103.xxx.024.18600
Xerox	Xerox® EC8036 / EC8056 - Common Criteria (June 2022)	Affected: 103.023.031.35105
Xerox	Xerox® EC8036 / EC8056 - Common Criteria (June 2024)	Affected: 103.xxx.013.14115
Xerox	AltaLink®C8130 / C8135 / C8145 / C8155 / C8170 \| B8145 / B8155 / B8170 Common Criteria (Aug 2024)	Affected: 119.xxx.023.13006
Xerox	AltaLink® C8130 / C8135 / C8145 / C8155 / C8170 \| B8145 / B8155 / B8170 Common Criteria Certified (Aug 2023)	Affected: 111.xxx.003.11600
Xerox	VersaLink® B625 / C625 \| B425 / C425 Common Criteria Certified (2024)	Affected: 119.xxx.003.11705
Xerox	WorkCentre 3655/3655i	Affected: 075.060.004.07810
Xerox	WorkCentre 5945/55i	Affected: 075.091.004.07810
Xerox	WorkCentre 6655/6655i	Affected: 075.110.004.07810
Xerox	WorkCentre 7220/7225i	Affected: 075.030.004.07810
Xerox	WorkCentre 7830/7835i	Affected: 075.010 004.07810
Xerox	WorkCentre 7845/7855i	Affected: 075.040.004.07810
Xerox	WorkCentre 7845/7855 (IBG)	Affected: 075.080.004.07810
Xerox	WorkCentre 7970/7970i	Affected: 075.200.004.07810
Xerox	WorkCentre EC7836	Affected: 075.050.004.07810
Xerox	WorkCentre EC7856	Affected: 075.020.004.07810

Date Public ?

2024-10-16 13:46

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:xerox:altalink_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "altalink_firmware",
            "vendor": "xerox",
            "versions": [
              {
                "lessThan": "103.xxx.024.18600",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "119.xxx.023.13006",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "111.xxx.003.11600",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:xerox:versalink_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "versalink_firmware",
            "vendor": "xerox",
            "versions": [
              {
                "lessThan": "119.xxx.003.11705",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:xerox:workcentre_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "workcentre_firmware",
            "vendor": "xerox",
            "versions": [
              {
                "lessThan": "075.060.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.091.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.110.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.030.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.010 004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.040.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.080.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.200.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.050.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "075.020.004.07810",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:xerox:xerox_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xerox_firmware",
            "vendor": "xerox",
            "versions": [
              {
                "lessThan": "103.xxx.024.18600",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "103.023.031.35105",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "103.xxx.013.14115",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6333",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T18:32:51.988456Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T19:19:55.218Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-29T05:02:50.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/17"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AltaLink\u00ae B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "103.xxx.024.18600",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Xerox\u00ae EC8036 / EC8056",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "103.xxx.024.18600"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Xerox\u00ae EC8036 / EC8056 - Common Criteria (June 2022)",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "103.023.031.35105"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Xerox\u00ae EC8036 / EC8056 - Common Criteria (June 2024)",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "103.xxx.013.14115"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AltaLink\u00aeC8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria (Aug 2024)",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "119.xxx.023.13006"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AltaLink\u00ae C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria Certified (Aug 2023)",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "111.xxx.003.11600"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VersaLink\u00ae B625 / C625 | B425 / C425 Common Criteria Certified (2024)",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "119.xxx.003.11705"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 3655/3655i",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.060.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 5945/55i",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.091.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 6655/6655i",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.110.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 7220/7225i",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.030.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 7830/7835i",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.010 004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 7845/7855i",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.040.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 7845/7855 (IBG)",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.080.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre 7970/7970i",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.200.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre EC7836",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.050.004.07810"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WorkCentre EC7856",
          "vendor": "Xerox",
          "versions": [
            {
              "status": "affected",
              "version": "075.020.004.07810"
            }
          ]
        }
      ],
      "datePublic": "2024-10-16T13:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authenticated Remote Code Execution in Altalink, Versalink \u0026amp; WorkCentre Products."
            }
          ],
          "value": "Authenticated Remote Code Execution in Altalink, Versalink \u0026 WorkCentre Products."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-253",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-253 Remote Code Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-17T16:52:52.859Z",
        "orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
        "shortName": "Xerox"
      },
      "references": [
        {
          "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authenticated Remote Code Execution in Altalink, Versalink \u0026 WorkCentre Products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
    "assignerShortName": "Xerox",
    "cveId": "CVE-2024-6333",
    "datePublished": "2024-10-17T13:51:16.011Z",
    "dateReserved": "2024-06-25T18:31:05.065Z",
    "dateUpdated": "2025-09-17T16:52:52.859Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-08747

CVE-2024-6333 (GCVE-0-2024-6333)

Tags

Sightings

Nomenclature