CVE-2020-36201

An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://securitydocs.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20L_for_ConnectKey-1.pdf	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:xerox:workcentre_3655_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_3655:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:xerox:workcentre_3655i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_3655i:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:xerox:workcentre_5865_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5865:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:xerox:workcentre_5875_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5875:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:xerox:workcentre_5890_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5890:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:xerox:workcentre_5865i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5865i:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:xerox:workcentre_5875i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5875i:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:xerox:workcentre_5945_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5945:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:xerox:workcentre_5955_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5955:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:xerox:workcentre_5945i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5945i:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:xerox:workcentre_5955i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5955i:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:xerox:workcentre_6655_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_6655:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:xerox:workcentre_6655i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_6655i:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:xerox:workcentre_7220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7220:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:xerox:workcentre_7225_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7225:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:xerox:workcentre_7220i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7220i:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:xerox:workcentre_7225i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7225i:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:xerox:workcentre_7830i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7830i:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:xerox:workcentre_7835i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7835i:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:xerox:workcentre_7845i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7845i:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:xerox:workcentre_7855i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7855i:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:xerox:workcentre_7830_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7830:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:xerox:workcentre_7835_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7835:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:xerox:workcentre_7845_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7845:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:xerox:workcentre_7855_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7855:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:xerox:workcentre_7970_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7970:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:xerox:workcentre_7970i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_7970i:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:xerox:workcentre_ec7836_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_ec7836:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:xerox:workcentre_ec7856_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_ec7856:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:xerox:workcentre_5890i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre_5890i:-:*:*:*:*:*:*:*

History

02 Feb 2021, 19:32

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 7.5
CWE		CWE-326
CPE		cpe:2.3:o:xerox:workcentre_5945_firmware:::::::: cpe:2.3:h:xerox:workcentre_5955i:-:::::::* cpe:2.3:o:xerox:workcentre_5875_firmware:::::::: cpe:2.3:o:xerox:workcentre_7845_firmware:::::::: cpe:2.3:h:xerox:workcentre_6655i:-:::::::* cpe:2.3:o:xerox:workcentre_7830_firmware:::::::: cpe:2.3:h:xerox:workcentre_6655:-:::::::* cpe:2.3:o:xerox:workcentre_5890i_firmware:::::::: cpe:2.3:o:xerox:workcentre_ec7856_firmware:::::::: cpe:2.3:h:xerox:workcentre_ec7836:-:::::::* cpe:2.3:h:xerox:workcentre_3655:-:::::::* cpe:2.3:o:xerox:workcentre_7855i_firmware:::::::: cpe:2.3:o:xerox:workcentre_7835i_firmware:::::::: cpe:2.3:h:xerox:workcentre_7220:-:::::::* cpe:2.3:o:xerox:workcentre_6655_firmware:::::::: cpe:2.3:o:xerox:workcentre_5875i_firmware:::::::: cpe:2.3:o:xerox:workcentre_5945i_firmware:::::::: cpe:2.3:o:xerox:workcentre_7970i_firmware:::::::: cpe:2.3:h:xerox:workcentre_7830i:-:::::::* cpe:2.3:o:xerox:workcentre_5865i_firmware:::::::: cpe:2.3:o:xerox:workcentre_5865_firmware:::::::: cpe:2.3:h:xerox:workcentre_5945:-:::::::* cpe:2.3:o:xerox:workcentre_6655i_firmware:::::::: cpe:2.3:h:xerox:workcentre_7835:-:::::::* cpe:2.3:h:xerox:workcentre_3655i:-:::::::* cpe:2.3:h:xerox:workcentre_7835i:-:::::::* cpe:2.3:o:xerox:workcentre_7225_firmware:::::::: cpe:2.3:o:xerox:workcentre_7970_firmware:::::::: cpe:2.3:h:xerox:workcentre_5945i:-:::::::* cpe:2.3:o:xerox:workcentre_5955i_firmware:::::::: cpe:2.3:h:xerox:workcentre_5890i:-:::::::* cpe:2.3:h:xerox:workcentre_7220i:-:::::::* cpe:2.3:o:xerox:workcentre_7220_firmware:::::::: cpe:2.3:o:xerox:workcentre_7220i_firmware:::::::: cpe:2.3:o:xerox:workcentre_ec7836_firmware:::::::: cpe:2.3:h:xerox:workcentre_5865:-:::::::* cpe:2.3:o:xerox:workcentre_7855_firmware:::::::: cpe:2.3:o:xerox:workcentre_7835_firmware:::::::: cpe:2.3:h:xerox:workcentre_7970i:-:::::::* cpe:2.3:h:xerox:workcentre_5865i:-:::::::* cpe:2.3:h:xerox:workcentre_5875i:-:::::::* cpe:2.3:h:xerox:workcentre_7845i:-:::::::* cpe:2.3:h:xerox:workcentre_5955:-:::::::* cpe:2.3:h:xerox:workcentre_7845:-:::::::* cpe:2.3:h:xerox:workcentre_ec7856:-:::::::* cpe:2.3:h:xerox:workcentre_7970:-:::::::* cpe:2.3:h:xerox:workcentre_7855i:-:::::::* cpe:2.3:h:xerox:workcentre_5890:-:::::::* cpe:2.3:h:xerox:workcentre_7225i:-:::::::* cpe:2.3:o:xerox:workcentre_5955_firmware:::::::: cpe:2.3:o:xerox:workcentre_7845i_firmware:::::::: cpe:2.3:h:xerox:workcentre_7855:-:::::::* cpe:2.3:h:xerox:workcentre_5875:-:::::::* cpe:2.3:o:xerox:workcentre_7225i_firmware:::::::: cpe:2.3:o:xerox:workcentre_5890_firmware:::::::: cpe:2.3:o:xerox:workcentre_3655_firmware:::::::: cpe:2.3:o:xerox:workcentre_3655i_firmware:::::::: cpe:2.3:h:xerox:workcentre_7225:-:::::::* cpe:2.3:h:xerox:workcentre_7830:-:::::::* cpe:2.3:o:xerox:workcentre_7830i_firmware::::::::
References	~~(MISC) https://securitydocs.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20L_for_ConnectKey-1.pdf -~~	(MISC) https://securitydocs.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20L_for_ConnectKey-1.pdf - Patch, Vendor Advisory

26 Jan 2021, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-01-26 18:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-36201

Mitre link : CVE-2020-36201

CVE.ORG link : CVE-2020-36201

JSON object : View

Products Affected

xerox

workcentre_5955_firmware
workcentre_7970i
workcentre_6655_firmware
workcentre_7835_firmware
workcentre_7970_firmware
workcentre_ec7856
workcentre_5890_firmware
workcentre_7220i_firmware
workcentre_7970i_firmware
workcentre_3655i
workcentre_5945i_firmware
workcentre_7225i
workcentre_7970
workcentre_5955i
workcentre_7855
workcentre_5945i
workcentre_5945_firmware
workcentre_7835
workcentre_7225
workcentre_ec7836
workcentre_5865i_firmware
workcentre_5890i_firmware
workcentre_7830i_firmware
workcentre_5875i_firmware
workcentre_7835i
workcentre_7845_firmware
workcentre_3655i_firmware
workcentre_ec7856_firmware
workcentre_5875i
workcentre_5955
workcentre_7220
workcentre_7845i
workcentre_5865i
workcentre_6655i_firmware
workcentre_7855_firmware
workcentre_7220_firmware
workcentre_7855i_firmware
workcentre_7220i
workcentre_7845i_firmware
workcentre_7830
workcentre_5875_firmware
workcentre_5945
workcentre_5865
workcentre_ec7836_firmware
workcentre_5955i_firmware
workcentre_7225_firmware
workcentre_5865_firmware
workcentre_6655i
workcentre_7845
workcentre_7225i_firmware
workcentre_7855i
workcentre_3655
workcentre_5890
workcentre_6655
workcentre_7830i
workcentre_7830_firmware
workcentre_3655_firmware
workcentre_7835i_firmware
workcentre_5875
workcentre_5890i

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2020-36201

7.5^/10

5.0^/10

Attach tags to `CVE-2020-36201`