CVE-2018-20771

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:xerox:workcentre_3655i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_3655i:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:xerox:workcentre_3655_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_3655:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:xerox:workcentre_5890i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5890i:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:xerox:workcentre_5865i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5865i:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:xerox:workcentre_5875i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5875i:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:xerox:workcentre_5845_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5845:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:xerox:workcentre_5865_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5865:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:xerox:workcentre_5875_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5875:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:xerox:workcentre_5890_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5890:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:xerox:workcentre_5900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5900:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:xerox:workcentre_5900i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5900i:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:xerox:workcentre_6655_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_6655:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:xerox:workcentre_6655i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_6655i:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:xerox:workcentre_7855_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7855:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:xerox:workcentre_7225_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7225:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:xerox:workcentre_7220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7220:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:xerox:workcentre_7220i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7220i:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:xerox:workcentre_7225i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7225i:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:xerox:workcentre_7855i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7855i:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:xerox:workcentre_7845i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7845i:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:xerox:workcentre_7835i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7835i:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:xerox:workcentre_7830i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7830i:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:xerox:workcentre_7830_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7830:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:xerox:workcentre_7835_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7835:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:xerox:workcentre_7845_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7845:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:xerox:workcentre_7970_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7970:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:xerox:workcentre_7970i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7970i:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:xerox:workcentre_ec7836_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_ec7836:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:xerox:workcentre_ec7856_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_ec7856:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-02-10 17:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-20771

Mitre link : CVE-2018-20771

CVE.ORG link : CVE-2018-20771

JSON object : View

Products Affected

xerox

workcentre_7855_firmware
workcentre_6655
workcentre_7970_firmware
workcentre_5845
workcentre_7855i_firmware
workcentre_5865i_firmware
workcentre_7225i
workcentre_5865
workcentre_ec7856
workcentre_5845_firmware
workcentre_7845_firmware
workcentre_7220_firmware
workcentre_ec7836
workcentre_7220i
workcentre_5865i
workcentre_3655i_firmware
workcentre_7225_firmware
workcentre_7830
workcentre_7970i_firmware
workcentre_ec7836_firmware
workcentre_7830i_firmware
workcentre_5900i_firmware
workcentre_3655
workcentre_7855
workcentre_3655i
workcentre_6655i
workcentre_5875i
workcentre_5875
workcentre_5875i_firmware
workcentre_6655_firmware
workcentre_7835i_firmware
workcentre_7225i_firmware
workcentre_7845
workcentre_ec7856_firmware
workcentre_7855i
workcentre_5890i_firmware
workcentre_5890i
workcentre_7225
workcentre_7970
workcentre_7835_firmware
workcentre_5890_firmware
workcentre_7830_firmware
workcentre_7830i
workcentre_5900
workcentre_7220i_firmware
workcentre_7220
workcentre_3655_firmware
workcentre_5890
workcentre_7845i
workcentre_7970i
workcentre_5875_firmware
workcentre_7835
workcentre_5900_firmware
workcentre_7845i_firmware
workcentre_5865_firmware
workcentre_6655i_firmware
workcentre_7835i
workcentre_5900i

CWE

CWE-20

Improper Input Validation

9.8 /10