CVE-2019-18628

EUVD-2019-8351
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
xeroxaltalink_b8045_firmware
𝑥
< 103.008.010.14010
xeroxaltalink_b8055_firmware
𝑥
< 103.008.010.14010
xeroxaltalink_b8065_firmware
𝑥
< 103.008.010.14010
xeroxaltalink_b8075_firmware
𝑥
< 103.008.010.14010
xeroxaltalink_b8090_firmware
𝑥
< 103.008.010.14010
xeroxaltalink_c8030_firmware
𝑥
< 103.001.010.14010
xeroxaltalink_c8035_firmware
𝑥
< 103.001.010.14010
xeroxaltalink_c8045_firmware
𝑥
< 103.002.010.14010
xeroxaltalink_c8055_firmware
𝑥
< 103.002.010.14010
xeroxaltalink_c8070_firmware
𝑥
< 103.003.010.14010
𝑥
= Vulnerable software versions
References
https://security.business.xerox.com
https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf
https://security.business.xerox.com
https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf