7.5

CVE-2019-18630

On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure.

Data is provided by the National Vulnerability Database (NVD)
XeroxAltalink B8045 Firmware Version < 103.008.010.14010
   XeroxAltalink B8045 Version-
XeroxAltalink B8055 Firmware Version < 103.008.010.14010
   XeroxAltalink B8055 Version-
XeroxAltalink B8065 Firmware Version < 103.008.010.14010
   XeroxAltalink B8065 Version-
XeroxAltalink B8075 Firmware Version < 103.008.010.14010
   XeroxAltalink B8075 Version-
XeroxAltalink B8090 Firmware Version < 103.008.010.14010
   XeroxAltalink B8090 Version-
XeroxAltalink C8030 Firmware Version < 103.001.010.14010
   XeroxAltalink C8030 Version-
XeroxAltalink C8035 Firmware Version < 103.001.010.14010
   XeroxAltalink C8035 Version-
XeroxAltalink C8045 Firmware Version < 103.002.010.14010
   XeroxAltalink C8045 Version-
XeroxAltalink C8055 Firmware Version < 103.002.010.14010
   XeroxAltalink C8055 Version-
XeroxAltalink C8070 Firmware Version < 103.003.010.14010
   XeroxAltalink C8070 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.19% 0.374
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.