CVE-2019-18628

Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
xeroxaltalink_b8045_firmware
𝑥
< 103.008.010.14010
xeroxaltalink_b8055_firmware
𝑥
< 103.008.010.14010
xeroxaltalink_b8065_firmware
𝑥
< 103.008.010.14010
xeroxaltalink_b8075_firmware
𝑥
< 103.008.010.14010
xeroxaltalink_b8090_firmware
𝑥
< 103.008.010.14010
xeroxaltalink_c8030_firmware
𝑥
< 103.001.010.14010
xeroxaltalink_c8035_firmware
𝑥
< 103.001.010.14010
xeroxaltalink_c8045_firmware
𝑥
< 103.002.010.14010
xeroxaltalink_c8055_firmware
𝑥
< 103.002.010.14010
xeroxaltalink_c8070_firmware
𝑥
< 103.003.010.14010
𝑥
= Vulnerable software versions
References
https://security.business.xerox.com
https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf
https://security.business.xerox.com
https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf