Lucene search

[email protected]CVE-2018-16709

HistorySep 07, 2018 - 7:29 p.m.

CVE-2018-16709

2018-09-0719:29:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

fuji xerox

remote attack

file read

file write

pjl commands

cve-2018-16709

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.9%

JSON

Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands.

CPENameOperatorVersion
fujixerox:docucentre-v_3065_firmwarefujixerox docucentre-v 3065 firmwareeq-
fujixerox:apeosport-v_c4475_firmwarefujixerox apeosport-v c4475 firmwareeq-
fujixerox:apeosport-vi_c3371_firmwarefujixerox apeosport-vi c3371 firmwareeq-
fujixerox:apeosport-v_c3375_firmwarefujixerox apeosport-v c3375 firmwareeq-
fujixerox:docucentre-vi_c2271_firmwarefujixerox docucentre-vi c2271 firmwareeq-
fujixerox:apeosport-v_c5576_firmwarefujixerox apeosport-v c5576 firmwareeq-
fujixerox:docucentre-iv_c2263_firmwarefujixerox docucentre-iv c2263 firmwareeq-
fujixerox:docucentre-v_c2263_firmwarefujixerox docucentre-v c2263 firmwareeq-
fujixerox:apeosport-v_5070_firmwarefujixerox apeosport-v 5070 firmwareeq-

CPE	Name	Operator	Version
fujixerox:docucentre-v_3065_firmware	fujixerox docucentre-v 3065 firmware	eq	-
fujixerox:apeosport-v_c4475_firmware	fujixerox apeosport-v c4475 firmware	eq	-
fujixerox:apeosport-vi_c3371_firmware	fujixerox apeosport-vi c3371 firmware	eq	-
fujixerox:apeosport-v_c3375_firmware	fujixerox apeosport-v c3375 firmware	eq	-
fujixerox:docucentre-vi_c2271_firmware	fujixerox docucentre-vi c2271 firmware	eq	-
fujixerox:apeosport-v_c5576_firmware	fujixerox apeosport-v c5576 firmware	eq	-
fujixerox:docucentre-iv_c2263_firmware	fujixerox docucentre-iv c2263 firmware	eq	-
fujixerox:docucentre-v_c2263_firmware	fujixerox docucentre-v c2263 firmware	eq	-
fujixerox:apeosport-v_5070_firmware	fujixerox apeosport-v 5070 firmware	eq	-

References

www.exploit-db.com/exploits/45332/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.9%

JSON

Related for CVE-2018-16709

prion1 cvelist1