CVE-2019-18630

On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:xerox:altalink_b8045_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_b8045:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:xerox:altalink_b8055_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_b8055:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:xerox:altalink_b8065_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_b8065:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:xerox:altalink_b8075_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_b8075:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:xerox:altalink_b8090_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_b8090:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:xerox:altalink_c8030_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_c8030:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:xerox:altalink_c8035_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_c8035:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:xerox:altalink_c8045_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_c8045:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:xerox:altalink_c8055_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_c8055:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:xerox:altalink_c8070_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_c8070:-:*:*:*:*:*:*:*

History

11 Mar 2021, 13:46

Type	Values Removed	Values Added
CPE		cpe:2.3:o:xerox:altalink_b8045_firmware:::::::: cpe:2.3:o:xerox:altalink_b8065_firmware:::::::: cpe:2.3:o:xerox:altalink_c8035_firmware:::::::: cpe:2.3:h:xerox:altalink_b8045:-:::::::* cpe:2.3:o:xerox:altalink_c8055_firmware:::::::: cpe:2.3:h:xerox:altalink_c8055:-:::::::* cpe:2.3:h:xerox:altalink_b8075:-:::::::* cpe:2.3:o:xerox:altalink_b8090_firmware:::::::: cpe:2.3:o:xerox:altalink_c8045_firmware:::::::: cpe:2.3:o:xerox:altalink_b8055_firmware:::::::: cpe:2.3:o:xerox:altalink_b8075_firmware:::::::: cpe:2.3:h:xerox:altalink_c8035:-:::::::* cpe:2.3:o:xerox:altalink_c8070_firmware:::::::: cpe:2.3:h:xerox:altalink_b8090:-:::::::* cpe:2.3:o:xerox:altalink_c8030_firmware:::::::: cpe:2.3:h:xerox:altalink_c8070:-:::::::* cpe:2.3:h:xerox:altalink_b8055:-:::::::* cpe:2.3:h:xerox:altalink_b8065:-:::::::* cpe:2.3:h:xerox:altalink_c8030:-:::::::* cpe:2.3:h:xerox:altalink_c8045:-:::::::*
CWE		CWE-326
References	~~(MISC) https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf -~~	(MISC) https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 7.5

04 Mar 2021, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-03-04 23:15

Updated : 2023-12-10 13:41

NVD link : CVE-2019-18630

Mitre link : CVE-2019-18630

CVE.ORG link : CVE-2019-18630

JSON object : View

Products Affected

xerox

altalink_b8055_firmware
altalink_b8065_firmware
altalink_b8075
altalink_b8055
altalink_b8090
altalink_c8045
altalink_c8070
altalink_c8030
altalink_c8070_firmware
altalink_b8090_firmware
altalink_b8075_firmware
altalink_c8030_firmware
altalink_b8045
altalink_b8045_firmware
altalink_c8055
altalink_c8045_firmware
altalink_c8035_firmware
altalink_b8065
altalink_c8055_firmware
altalink_c8035

CWE

CWE-312

Cleartext Storage of Sensitive Information

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2019-18630

7.5^/10

5.0^/10

Attach tags to `CVE-2019-18630`