1. Home
  2. CVE Database
  3. CVE-2019-18629
HIGH · 8.1

CVE-2019-18629

Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary du...

Vulnerability Description

Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
XeroxAltalink B8045 Firmware< 101.008.099.28200
XeroxAltalink B8045-
XeroxAltalink B8055 Firmware< 101.008.099.28200
XeroxAltalink B8055-
XeroxAltalink B8065 Firmware< 101.008.099.28200
XeroxAltalink B8065-
XeroxAltalink B8075 Firmware< 101.008.099.28200
XeroxAltalink B8075-
XeroxAltalink B8090 Firmware< 101.008.099.28200
XeroxAltalink B8090-
XeroxAltalink C8030 Firmware< 101.001.099.28200
XeroxAltalink C8030-
XeroxAltalink C8035 Firmware< 101.001.099.28200
XeroxAltalink C8035-
XeroxAltalink C8045 Firmware< 101.002.099.28200
XeroxAltalink C8045-
XeroxAltalink C8055 Firmware< 101.002.099.28200
XeroxAltalink C8055-
XeroxAltalink C8070 Firmware< 101.003.099.28200
XeroxAltalink C8070-

References

FAQ

What is CVE-2019-18629?

CVE-2019-18629 is a vulnerability with a CVSS score of 8.1 (HIGH). Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary du...

How severe is CVE-2019-18629?

CVE-2019-18629 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-18629?

Check the references section above for vendor advisories and patch information. Affected products include: Xerox Altalink B8045 Firmware, Xerox Altalink B8045, Xerox Altalink B8055 Firmware, Xerox Altalink B8055, Xerox Altalink B8065 Firmware.