CVE-2019-18629

Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
xeroxaltalink_b8045_firmware
𝑥
< 101.008.099.28200
xeroxaltalink_b8055_firmware
𝑥
< 101.008.099.28200
xeroxaltalink_b8065_firmware
𝑥
< 101.008.099.28200
xeroxaltalink_b8075_firmware
𝑥
< 101.008.099.28200
xeroxaltalink_b8090_firmware
𝑥
< 101.008.099.28200
xeroxaltalink_c8030_firmware
𝑥
< 101.001.099.28200
xeroxaltalink_c8035_firmware
𝑥
< 101.001.099.28200
xeroxaltalink_c8045_firmware
𝑥
< 101.002.099.28200
xeroxaltalink_c8055_firmware
𝑥
< 101.002.099.28200
xeroxaltalink_c8070_firmware
𝑥
< 101.003.099.28200
𝑥
= Vulnerable software versions
References
https://security.business.xerox.com
https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf
https://security.business.xerox.com
https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf