CERT VU:737740
Mar 18, 2013 - 12:00 a.m.

Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL

2013-03-18 00:00:00
www.kb.cert.org

CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.335 Low (Percentile: 97.1%)

Overview

Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o).

Description

Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use OpenSSL for SSL/TLS encryption. The version of OpenSSL shipped with these controllers is 0.9.8o, which is out of date and known to be vulnerable.


Impact

A remote attacker may be able to cause a denial of service or possibly run arbitrary code.


Solution

Apply an Update

Apply patch 1-1IJ6ZK. The patch will upgrade OpenSSL to version 0.9.8x. Patch 1-1IJ6ZK can be obtained from Xerox tech support.
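
One way to turn the fix level above into an inventory check, as an added example that is not part of the CERT advisory: it compares reported OpenSSL version strings on the 0.9.8 line against 0.9.8x. The hostnames, sample readings and function names are constructed for illustration.

```python
import re

# Versions from the advisory: the controllers ship 0.9.8o and the patch
# upgrades OpenSSL to 0.9.8x.
FIXED = "0.9.8x"
# Pre-3.0 OpenSSL scheme: major.minor.fix plus optional patch letters.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")

def parse_version(text):
    """Return a sortable key such as (0, 9, 8, 1, 'o') for '0.9.8o'."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {text!r}")
    major, minor, fix, letters = m.groups()
    # Patch letters run a..z and then za, zb, ...; comparing the length
    # first keeps 'za' above 'z' and a bare '0.9.8' below '0.9.8a'.
    return (int(major), int(minor), int(fix), len(letters), letters)

def classify(version, fixed=FIXED):
    """Classify one reported version against the advisory's fixed release."""
    try:
        key = parse_version(version)
    except ValueError:
        return "unparseable"
    fixed_key = parse_version(fixed)
    if key[:3] != fixed_key[:3]:
        # A different release line has its own fix levels; do not guess.
        return "other-branch"
    return "needs-update" if key < fixed_key else "at-or-above-fix"

def triage(inventory):
    """Group (host, version) pairs by classification."""
    result = {}
    for host, version in inventory:
        result.setdefault(classify(version), []).append(host)
    return result

# Constructed sample inventory (hostnames and readings are made up).
SAMPLE = [
    ("fiery-01.example.internal", "0.9.8o"),
    ("fiery-02.example.internal", "0.9.8x"),
    ("fiery-03.example.internal", "0.9.8zh"),
    ("fiery-04.example.internal", "1.0.1c"),
    ("fiery-05.example.internal", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

A result of at-or-above-fix only means the reported version meets the fix level named in this advisory.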


Restrict access

As a general good security practice, only allow connections from trusted hosts and networks.


Vendor Information


EFI Affected

Notified: December 18, 2012 Updated: March 18, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

| Group | Score | Vector |
| --- | --- | --- |
| Base | 6.9 | AV:A/AC:M/Au:N/C:P/I:P/A:C |
| Temporal | 5.1 | E:U/RL:OF/RC:C |
| Environmental | 1 | CDP:L/TD:L/CR:L/IR:L/AR:L |

Acknowledgements

Thanks to Curtis Rhodes for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2013-0169, CVE-2013-0166, CVE-2012-2333, CVE-2012-0884, CVE-2011-4619, CVE-2011-4577, CVE-2011-4576, CVE-2011-4109, CVE-2011-4108, CVE-2010-4180, CVE-2010-3864
Date Public: 2013-03-18 Date First Published:
