CVE-2024-6333 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.2 HIGH	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
xerox	altalink_firmware	𝑥 < 103.xxx.024.18600	ADP
xerox	altalink_firmware	𝑥 < 119.xxx.023.13006	ADP
xerox	altalink_firmware	𝑥 < 111.xxx.003.11600	ADP
xerox	versalink_firmware	𝑥 < 119.xxx.003.11705	ADP
xerox	workcentre_firmware	𝑥 < 075.060.004.07810	ADP
xerox	workcentre_firmware	𝑥 < 075.091.004.07810	ADP
xerox	workcentre_firmware	𝑥 < 075.110.004.07810	ADP
xerox	workcentre_firmware	𝑥 < 075.030.004.07810	ADP
xerox	workcentre_firmware	𝑥 < 075.010 004.07810	ADP
xerox	workcentre_firmware	𝑥 < 075.040.004.07810	ADP
xerox	workcentre_firmware	𝑥 < 075.080.004.07810	ADP
xerox	workcentre_firmware	𝑥 < 075.200.004.07810	ADP
xerox	workcentre_firmware	𝑥 < 075.050.004.07810	ADP
xerox	workcentre_firmware	𝑥 < 075.020.004.07810	ADP
xerox	xerox_firmware	𝑥 < 103.xxx.024.18600	ADP
xerox	xerox_firmware	𝑥 < 103.023.031.35105	ADP
xerox	xerox_firmware	𝑥 < 103.xxx.013.14115	ADP

Common Weakness Enumeration

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References

https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf

http://seclists.org/fulldisclosure/2024/Oct/17