9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.335 Low
EPSS
Percentile
97.0%
Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o).
Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier uses OpenSSL for SSL/TLS encryption. The version of OpenSSL that comes with the Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier is 0.9.8o that is out of date and known to be vulnerable.
A remote attacker may be able to cause a denial of service or possibly run arbitrary code.
Apply an Update
Apply patch 1-1IJ6ZK. The patch will upgrade OpenSSL to version 0.9.8x. Patch 1-1IJ6ZK can be obtained from Xerox tech support.
Restrict access
As a general good security practice, only allow connections from trusted hosts and networks.
737740
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: December 18, 2012 Updated: March 18, 2013
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 6.9 | AV:A/AC:M/Au:N/C:P/I:P/A:C |
Temporal | 5.1 | E:U/RL:OF/RC:C |
Environmental | 1 | CDP:L/TD:L/CR:L/IR:L/AR:L |
Thanks to Curtis Rhodes for reporting this vulnerability.
This document was written by Jared Allar.
CVE IDs: | CVE-2013-0169, CVE-2013-0166, CVE-2012-2333, CVE-2012-0884, CVE-2011-4619, CVE-2011-4577, CVE-2011-4576, CVE-2011-4109, CVE-2011-4108, CVE-2010-4180, CVE-2010-3864 |
---|---|
Date Public: | 2013-03-18 Date First Published: |