Vulnerability Details CVE-2019-10880
Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.05
EPSS Ranking 89.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://airbus-seclab.github.io/
- https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf
- https://airbus-seclab.github.io/
- https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf
Products affected by CVE-2019-10880
-
cpe:2.3:h:xerox:colorqube_8700:-
-
cpe:2.3:h:xerox:colorqube_8900:-
-
cpe:2.3:h:xerox:colorqube_9301:-
-
cpe:2.3:h:xerox:colorqube_9302:-
-
cpe:2.3:h:xerox:colorqube_9303:-
-
cpe:2.3:o:xerox:colorqube_8700_firmware:*
-
cpe:2.3:o:xerox:colorqube_8900_firmware:*
-
cpe:2.3:o:xerox:colorqube_9301_firmware:061.180.221.14709
-
cpe:2.3:o:xerox:colorqube_9302_firmware:061.180.221.14709
-
cpe:2.3:o:xerox:colorqube_9303_firmware:061.180.221.14709