CVE-2016-11061 — CRITICAL (9.8)

Q: How severe is CVE-2016-11061?

CVE-2016-11061 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2016-11061?

Check the references section above for vendor advisories and patch information. Affected products include: Xerox Workcentre 3655 Firmware, Xerox Workcentre 3655, Xerox Workcentre 3655I Firmware, Xerox Workcentre 3655I, Xerox Workcentre 5865 Firmware.

Vulnerability Description

Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Xerox	Workcentre 3655 Firmware	< 073.060.086.15410
Xerox	Workcentre 3655	-
Xerox	Workcentre 3655I Firmware	< 073.060.086.15410
Xerox	Workcentre 3655I	-
Xerox	Workcentre 5865 Firmware	< 073.190.086.15410
Xerox	Workcentre 5865	-
Xerox	Workcentre 5875 Firmware	< 073.190.086.15410
Xerox	Workcentre 5875	-
Xerox	Workcentre 5890 Firmware	< 073.190.086.15410
Xerox	Workcentre 5890	-
Xerox	Workcentre 5865I Firmware	< 073.190.086.15410
Xerox	Workcentre 5865I	-
Xerox	Workcentre 5875I Firmware	< 073.190.086.15410
Xerox	Workcentre 5875I	-
Xerox	Workcentre 5890I Firmware	< 073.190.086.15410
Xerox	Workcentre 5890I	-
Xerox	Workcentre 5945 Firmware	< 073.091.086.15410
Xerox	Workcentre 5945	-
Xerox	Workcentre 5955 Firmware	< 073.091.086.15410
Xerox	Workcentre 5955	-

Related Weaknesses (CWE)

CWE-78

References

https://securitydocs.business.xerox.com/wp-content/uploads/2016/10/cert_Mini_SecVendor Advisory
https://securitydocs.business.xerox.com/wp-content/uploads/2016/10/cert_Mini_SecVendor Advisory

FAQ

What is CVE-2016-11061?

CVE-2016-11061 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteU...

How severe is CVE-2016-11061?

CVE-2016-11061 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-11061?

Check the references section above for vendor advisories and patch information. Affected products include: Xerox Workcentre 3655 Firmware, Xerox Workcentre 3655, Xerox Workcentre 3655I Firmware, Xerox Workcentre 3655I, Xerox Workcentre 5865 Firmware.