CVE-2019-18630

On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
xeroxaltalink_b8045_firmware
𝑥
< 103.008.010.14010
xeroxaltalink_b8055_firmware
𝑥
< 103.008.010.14010
xeroxaltalink_b8065_firmware
𝑥
< 103.008.010.14010
xeroxaltalink_b8075_firmware
𝑥
< 103.008.010.14010
xeroxaltalink_b8090_firmware
𝑥
< 103.008.010.14010
xeroxaltalink_c8030_firmware
𝑥
< 103.001.010.14010
xeroxaltalink_c8035_firmware
𝑥
< 103.001.010.14010
xeroxaltalink_c8045_firmware
𝑥
< 103.002.010.14010
xeroxaltalink_c8055_firmware
𝑥
< 103.002.010.14010
xeroxaltalink_c8070_firmware
𝑥
< 103.003.010.14010
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf
https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf