Lucene search

[email protected]CVE-2016-11061

HistoryApr 29, 2020 - 10:15 p.m.

CVE-2016-11061

2020-04-2922:15:11

CWE-78

[email protected]

web.nvd.nist.gov

xerox

workcentre

cve-2016-11061

os command execution

vulnerability

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.7%

JSON

Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.

Affected configurations

NVD

Node

xeroxworkcentre_3655_firmwareRange<073.060.086.15410

AND

xeroxworkcentre_3655Match-

Node

xeroxworkcentre_3655i_firmwareRange<073.060.086.15410

AND

xeroxworkcentre_3655iMatch-

Node

xeroxworkcentre_5865_firmwareRange<073.190.086.15410

AND

xeroxworkcentre_5865Match-

Node

xeroxworkcentre_5875_firmwareRange<073.190.086.15410

AND

xeroxworkcentre_5875Match-

Node

xeroxworkcentre_5890_firmwareRange<073.190.086.15410

AND

xeroxworkcentre_5890Match-

Node

xeroxworkcentre_5865i_firmwareRange<073.190.086.15410

AND

xeroxworkcentre_5865iMatch-

Node

xeroxworkcentre_5875i_firmwareRange<073.190.086.15410

AND

xeroxworkcentre_5875iMatch-

Node

xeroxworkcentre_5890i_firmwareRange<073.190.086.15410

AND

xeroxworkcentre_5890iMatch-

Node

xeroxworkcentre_5945_firmwareRange<073.091.086.15410

AND

xeroxworkcentre_5945Match-

Node

xeroxworkcentre_5955_firmwareRange<073.091.086.15410

AND

xeroxworkcentre_5955Match-

Node

xeroxworkcentre_5945i_firmwareRange<073.091.086.15410

AND

xeroxworkcentre_5945iMatch-

Node

xeroxworkcentre_5955i_firmwareRange<073.091.086.15410

AND

xeroxworkcentre_5955iMatch-

Node

xeroxworkcentre_6655_firmwareRange<073.110.086.15410

AND

xeroxworkcentre_6655Match-

Node

xeroxworkcentre_6655i_firmwareRange<073.110.086.15410

AND

xeroxworkcentre_6655iMatch-

Node

xeroxworkcentre_7200_firmwareRange<073.030.086.15410

AND

xeroxworkcentre_7200Match-

Node

xeroxworkcentre_7200i_firmwareRange<073.030.086.15410

AND

xeroxworkcentre_7200iMatch-

Node

xeroxworkcentre_7225i_firmwareRange<073.030.086.15410

AND

xeroxworkcentre_7225iMatch-

Node

xeroxworkcentre_7830_firmwareRange<073.010.086.15410

AND

xeroxworkcentre_7830Match-

Node

xeroxworkcentre_7835_firmwareRange<073.010.086.15410

AND

xeroxworkcentre_7835Match-

Node

xeroxworkcentre_7845_firmwareRange<073.010.086.15410

AND

xeroxworkcentre_7845Match-

Node

xeroxworkcentre_7855_firmwareRange<073.010.086.15410

AND

xeroxworkcentre_7855Match-

Node

xeroxworkcentre_7970_firmwareRange<073.200.086.15410

AND

xeroxworkcentre_7970Match-

Node

xeroxworkcentre_7970i_firmwareRange<073.200.086.15410

AND

xeroxworkcentre_7970iMatch-

Node

xeroxworkcentre_7225_firmwareRange<073.030.086.15410

AND

xeroxworkcentre_7225Match-

Node

xeroxworkcentre_7220_firmwareRange<073.030.086.15410

AND

xeroxworkcentre_7220Match-

CPENameOperatorVersion
xerox:workcentre_3655_firmwarexerox workcentre 3655 firmwarelt073.060.086.15410

CPE	Name	Operator	Version
xerox:workcentre_3655_firmware	xerox workcentre 3655 firmware	lt	073.060.086.15410

References

securitydocs.business.xerox.com/wp-content/uploads/2016/10/cert_Mini_Security_Bulletin_XRX16Q_for_ConnectKey_R16-05_v1-1-2.pdf

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.7%

JSON

Related for CVE-2016-11061

prion1 cvelist1 nvd1