Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-20768

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.

Published

2019-02-10T17:29:00.293

Last Modified

2024-11-21T04:02:07.610

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	xerox	workcentre_3655i_firmware	< 073.060.048.15000	Yes
Hardware	xerox	workcentre_3655i	-	No
Operating System	xerox	workcentre_3655_firmware	< 073.060.048.15000	Yes
Hardware	xerox	workcentre_3655	-	No
Operating System	xerox	workcentre_5890i_firmware	< 073.190.048.15000	Yes
Hardware	xerox	workcentre_5890i	-	No
Operating System	xerox	workcentre_5865i_firmware	< 073.190.048.15000	Yes
Hardware	xerox	workcentre_5865i	-	No
Operating System	xerox	workcentre_5875i_firmware	< 073.190.048.15000	Yes
Hardware	xerox	workcentre_5875i	-	No
Operating System	xerox	workcentre_5845_firmware	< 073.190.048.15000	Yes
Hardware	xerox	workcentre_5845	-	No
Operating System	xerox	workcentre_5865_firmware	< 073.190.048.15000	Yes
Hardware	xerox	workcentre_5865	-	No
Operating System	xerox	workcentre_5875_firmware	< 073.190.048.15000	Yes
Hardware	xerox	workcentre_5875	-	No
Operating System	xerox	workcentre_5890_firmware	< 073.190.048.15000	Yes
Hardware	xerox	workcentre_5890	-	No
Operating System	xerox	workcentre_5900_firmware	< 073.091.048.15000	Yes
Hardware	xerox	workcentre_5900	-	No
Operating System	xerox	workcentre_5900i_firmware	< 073.091.048.15000	Yes
Hardware	xerox	workcentre_5900i	-	No
Operating System	xerox	workcentre_6655_firmware	< 073.110.048.15000	Yes
Hardware	xerox	workcentre_6655	-	No
Operating System	xerox	workcentre_6655i_firmware	< 073.110.048.15000	Yes
Hardware	xerox	workcentre_6655i	-	No
Operating System	xerox	workcentre_7855_firmware	< 073.040.048.15000	Yes
Hardware	xerox	workcentre_7855	-	No
Operating System	xerox	workcentre_7225_firmware	< 073.030.048.15000	Yes
Hardware	xerox	workcentre_7225	-	No
Operating System	xerox	workcentre_7220_firmware	< 073.030.048.15000	Yes
Hardware	xerox	workcentre_7220	-	No
Operating System	xerox	workcentre_7220i_firmware	< 073.030.048.15000	Yes
Hardware	xerox	workcentre_7220i	-	No
Operating System	xerox	workcentre_7225i_firmware	< 073.030.048.15000	Yes
Hardware	xerox	workcentre_7225i	-	No
Operating System	xerox	workcentre_7855i_firmware	< 073.040.048.15000	Yes
Hardware	xerox	workcentre_7855i	-	No
Operating System	xerox	workcentre_7845i_firmware	< 073.040.048.15000	Yes
Hardware	xerox	workcentre_7845i	-	No
Operating System	xerox	workcentre_7835i_firmware	< 073.010.048.15000	Yes
Hardware	xerox	workcentre_7835i	-	No
Operating System	xerox	workcentre_7830i_firmware	< 073.010.048.15000	Yes
Hardware	xerox	workcentre_7830i	-	No
Operating System	xerox	workcentre_7830_firmware	< 073.010.048.15000	Yes
Hardware	xerox	workcentre_7830	-	No
Operating System	xerox	workcentre_7835_firmware	< 073.010.048.15000	Yes
Hardware	xerox	workcentre_7835	-	No
Operating System	xerox	workcentre_7845_firmware	< 073.040.048.15000	Yes
Hardware	xerox	workcentre_7845	-	No
Operating System	xerox	workcentre_7970_firmware	< 073.200.048.15000	Yes
Hardware	xerox	workcentre_7970	-	No
Operating System	xerox	workcentre_7970i_firmware	< 073.200.048.15000	Yes
Hardware	xerox	workcentre_7970i	-	No
Operating System	xerox	workcentre_ec7836_firmware	< 073.050.048.15000	Yes
Hardware	xerox	workcentre_ec7836	-	No
Operating System	xerox	workcentre_ec7856_firmware	< 073.020.048.15000	Yes
Hardware	xerox	workcentre_ec7856	-	No

References

https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf Patch, Vendor Advisory ([email protected])
https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)