CVE-2016-11061

EPSS 2.49%
Published 29.04.2020 22:15:11
Last modified 21.11.2024 02:45:24
Source cve@mitre.org
Teams watchlist Login
Open Login

Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Xerox ≫ Workcentre 3655 Firmware Version < 073.060.086.15410

Xerox ≫ Workcentre 3655 Version-

Xerox ≫ Workcentre 3655i Firmware Version < 073.060.086.15410

Xerox ≫ Workcentre 3655i Version-

Xerox ≫ Workcentre 5865 Firmware Version < 073.190.086.15410

Xerox ≫ Workcentre 5865 Version-

Xerox ≫ Workcentre 5875 Firmware Version < 073.190.086.15410

Xerox ≫ Workcentre 5875 Version-

Xerox ≫ Workcentre 5890 Firmware Version < 073.190.086.15410

Xerox ≫ Workcentre 5890 Version-

Xerox ≫ Workcentre 5865i Firmware Version < 073.190.086.15410

Xerox ≫ Workcentre 5865i Version-

Xerox ≫ Workcentre 5875i Firmware Version < 073.190.086.15410

Xerox ≫ Workcentre 5875i Version-

Xerox ≫ Workcentre 5890i Firmware Version < 073.190.086.15410

Xerox ≫ Workcentre 5890i Version-

Xerox ≫ Workcentre 5945 Firmware Version < 073.091.086.15410

Xerox ≫ Workcentre 5945 Version-

Xerox ≫ Workcentre 5955 Firmware Version < 073.091.086.15410

Xerox ≫ Workcentre 5955 Version-

Xerox ≫ Workcentre 5945i Firmware Version < 073.091.086.15410

Xerox ≫ Workcentre 5945i Version-

Xerox ≫ Workcentre 5955i Firmware Version < 073.091.086.15410

Xerox ≫ Workcentre 5955i Version-

Xerox ≫ Workcentre 6655 Firmware Version < 073.110.086.15410

Xerox ≫ Workcentre 6655 Version-

Xerox ≫ Workcentre 6655i Firmware Version < 073.110.086.15410

Xerox ≫ Workcentre 6655i Version-

Xerox ≫ Workcentre 7200 Firmware Version < 073.030.086.15410

Xerox ≫ Workcentre 7200 Version-

Xerox ≫ Workcentre 7200i Firmware Version < 073.030.086.15410

Xerox ≫ Workcentre 7200i Version-

Xerox ≫ Workcentre 7225i Firmware Version < 073.030.086.15410

Xerox ≫ Workcentre 7225i Version-

Xerox ≫ Workcentre 7830 Firmware Version < 073.010.086.15410

Xerox ≫ Workcentre 7830 Version-

Xerox ≫ Workcentre 7835 Firmware Version < 073.010.086.15410

Xerox ≫ Workcentre 7835 Version-

Xerox ≫ Workcentre 7845 Firmware Version < 073.010.086.15410

Xerox ≫ Workcentre 7845 Version-

Xerox ≫ Workcentre 7855 Firmware Version < 073.010.086.15410

Xerox ≫ Workcentre 7855 Version-

Xerox ≫ Workcentre 7970 Firmware Version < 073.200.086.15410

Xerox ≫ Workcentre 7970 Version-

Xerox ≫ Workcentre 7970i Firmware Version < 073.200.086.15410

Xerox ≫ Workcentre 7970i Version-

Xerox ≫ Workcentre 7225 Firmware Version < 073.030.086.15410

Xerox ≫ Workcentre 7225 Version-

Xerox ≫ Workcentre 7220 Firmware Version < 073.030.086.15410

Xerox ≫ Workcentre 7220 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.49%	0.847

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://securitydocs.business.xerox.com/wp-content/uploads/2016/10/cert_Mini_Security_Bulletin_XRX16Q_for_ConnectKey_R16-05_v1-1-2.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-11061

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-11061

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-11061

EUVD