Published: 29/04/2020 Updated: 06/05/2020

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices prior to 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated malicious user to execute OS commands on the device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xerox workcentre_3655_firmware
xerox workcentre_3655i_firmware
xerox workcentre_5865_firmware
xerox workcentre_5875_firmware
xerox workcentre_5890_firmware
xerox workcentre_5865i_firmware
xerox workcentre_5875i_firmware
xerox workcentre_5890i_firmware
xerox workcentre_5945_firmware
xerox workcentre_5955_firmware
xerox workcentre_5945i_firmware
xerox workcentre_5955i_firmware
xerox workcentre_6655_firmware
xerox workcentre_6655i_firmware
xerox workcentre_7200_firmware
xerox workcentre_7200i_firmware
xerox workcentre_7225i_firmware
xerox workcentre_7830_firmware
xerox workcentre_7835_firmware
xerox workcentre_7845_firmware
xerox workcentre_7855_firmware
xerox workcentre_7970_firmware
xerox workcentre_7970i_firmware
xerox workcentre_7225_firmware
xerox workcentre_7220_firmware

CWE-78 https://securitydocs.business.xerox.com/wp-content/uploads/2016/10/cert_Mini_Security_Bulletin_XRX16Q_for_ConnectKey_R16-05_v1-1-2.pdf https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-11061

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect