CVE-2024-6333

EPSS 1.31%
Published 17.10.2024 14:15:14
Last modified 17.09.2025 17:15:42
Source 10b61619-3869-496c-8a1e-f291b0
Teams watchlist Login
Open Login

Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.

Affected products Warnungen 0 Metrics 2 CWE 2 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Vendorxerox

≫

Product altalink_firmware

Default Statusunknown

Version < 103.xxx.024.18600

Version 0

Status affected

Version < 119.xxx.023.13006

Version 0

Status affected

Version < 111.xxx.003.11600

Version 0

Status affected

Vendorxerox

≫

Product versalink_firmware

Default Statusunknown

Version < 119.xxx.003.11705

Version 0

Status affected

Vendorxerox

≫

Product workcentre_firmware

Default Statusunknown

Version < 075.060.004.07810

Version 0

Status affected

Version < 075.091.004.07810

Version 0

Status affected

Version < 075.110.004.07810

Version 0

Status affected

Version < 075.030.004.07810

Version 0

Status affected

Version < 075.010 004.07810

Version 0

Status affected

Version < 075.040.004.07810

Version 0

Status affected

Version < 075.080.004.07810

Version 0

Status affected

Version < 075.200.004.07810

Version 0

Status affected

Version < 075.050.004.07810

Version 0

Status affected

Version < 075.020.004.07810

Version 0

Status affected

Vendorxerox

≫

Product xerox_firmware

Default Statusunknown

Version < 103.xxx.024.18600

Version 0

Status affected

Version < 103.023.031.35105

Version 0

Status affected

Version < 103.xxx.013.14115

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.31%	0.79

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
10b61619-3869-496c-8a1e-f291b0e71e3f	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf

http://seclists.org/fulldisclosure/2024/Oct/17

https://nvd.nist.gov/vuln/detail/CVE-2024-6333

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6333

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6333

EUVD