CVE-2018-20768

EPSS 0.64%
Published 10.02.2019 17:29:00
Last modified 21.11.2024 04:02:07
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Xerox ≫ Workcentre 3655i Firmware Version < 073.060.048.15000

Xerox ≫ Workcentre 3655i Version-

Xerox ≫ Workcentre 3655 Firmware Version < 073.060.048.15000

Xerox ≫ Workcentre 3655 Version-

Xerox ≫ Workcentre 5890i Firmware Version < 073.190.048.15000

Xerox ≫ Workcentre 5890i Version-

Xerox ≫ Workcentre 5865i Firmware Version < 073.190.048.15000

Xerox ≫ Workcentre 5865i Version-

Xerox ≫ Workcentre 5875i Firmware Version < 073.190.048.15000

Xerox ≫ Workcentre 5875i Version-

Xerox ≫ Workcentre 5845 Firmware Version < 073.190.048.15000

Xerox ≫ Workcentre 5845 Version-

Xerox ≫ Workcentre 5865 Firmware Version < 073.190.048.15000

Xerox ≫ Workcentre 5865 Version-

Xerox ≫ Workcentre 5875 Firmware Version < 073.190.048.15000

Xerox ≫ Workcentre 5875 Version-

Xerox ≫ Workcentre 5890 Firmware Version < 073.190.048.15000

Xerox ≫ Workcentre 5890 Version-

Xerox ≫ Workcentre 5900 Firmware Version < 073.091.048.15000

Xerox ≫ Workcentre 5900 Version-

Xerox ≫ Workcentre 5900i Firmware Version < 073.091.048.15000

Xerox ≫ Workcentre 5900i Version-

Xerox ≫ Workcentre 6655 Firmware Version < 073.110.048.15000

Xerox ≫ Workcentre 6655 Version-

Xerox ≫ Workcentre 6655i Firmware Version < 073.110.048.15000

Xerox ≫ Workcentre 6655i Version-

Xerox ≫ Workcentre 7855 Firmware Version < 073.040.048.15000

Xerox ≫ Workcentre 7855 Version-

Xerox ≫ Workcentre 7225 Firmware Version < 073.030.048.15000

Xerox ≫ Workcentre 7225 Version-

Xerox ≫ Workcentre 7220 Firmware Version < 073.030.048.15000

Xerox ≫ Workcentre 7220 Version-

Xerox ≫ Workcentre 7220i Firmware Version < 073.030.048.15000

Xerox ≫ Workcentre 7220i Version-

Xerox ≫ Workcentre 7225i Firmware Version < 073.030.048.15000

Xerox ≫ Workcentre 7225i Version-

Xerox ≫ Workcentre 7855i Firmware Version < 073.040.048.15000

Xerox ≫ Workcentre 7855i Version-

Xerox ≫ Workcentre 7845i Firmware Version < 073.040.048.15000

Xerox ≫ Workcentre 7845i Version-

Xerox ≫ Workcentre 7835i Firmware Version < 073.010.048.15000

Xerox ≫ Workcentre 7835i Version-

Xerox ≫ Workcentre 7830i Firmware Version < 073.010.048.15000

Xerox ≫ Workcentre 7830i Version-

Xerox ≫ Workcentre 7830 Firmware Version < 073.010.048.15000

Xerox ≫ Workcentre 7830 Version-

Xerox ≫ Workcentre 7835 Firmware Version < 073.010.048.15000

Xerox ≫ Workcentre 7835 Version-

Xerox ≫ Workcentre 7845 Firmware Version < 073.040.048.15000

Xerox ≫ Workcentre 7845 Version-

Xerox ≫ Workcentre 7970 Firmware Version < 073.200.048.15000

Xerox ≫ Workcentre 7970 Version-

Xerox ≫ Workcentre 7970i Firmware Version < 073.200.048.15000

Xerox ≫ Workcentre 7970i Version-

Xerox ≫ Workcentre Ec7836 Firmware Version < 073.050.048.15000

Xerox ≫ Workcentre Ec7836 Version-

Xerox ≫ Workcentre Ec7856 Firmware Version < 073.020.048.15000

Xerox ≫ Workcentre Ec7856 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.64%	0.695

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-20768

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-20768

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-20768

EUVD