CVE-2019-18630 — HIGH (7.5)

Q: How severe is CVE-2019-18630?

CVE-2019-18630 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-18630?

Check the references section above for vendor advisories and patch information. Affected products include: Xerox Altalink B8045 Firmware, Xerox Altalink B8045, Xerox Altalink B8055 Firmware, Xerox Altalink B8055, Xerox Altalink B8065 Firmware.

Vulnerability Description

On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Xerox	Altalink B8045 Firmware	< 103.008.010.14010
Xerox	Altalink B8045	-
Xerox	Altalink B8055 Firmware	< 103.008.010.14010
Xerox	Altalink B8055	-
Xerox	Altalink B8065 Firmware	< 103.008.010.14010
Xerox	Altalink B8065	-
Xerox	Altalink B8075 Firmware	< 103.008.010.14010
Xerox	Altalink B8075	-
Xerox	Altalink B8090 Firmware	< 103.008.010.14010
Xerox	Altalink B8090	-
Xerox	Altalink C8030 Firmware	< 103.001.010.14010
Xerox	Altalink C8030	-
Xerox	Altalink C8035 Firmware	< 103.001.010.14010
Xerox	Altalink C8035	-
Xerox	Altalink C8045 Firmware	< 103.002.010.14010
Xerox	Altalink C8045	-
Xerox	Altalink C8055 Firmware	< 103.002.010.14010
Xerox	Altalink C8055	-
Xerox	Altalink C8070 Firmware	< 103.003.010.14010
Xerox	Altalink C8070	-

Related Weaknesses (CWE)

CWE-312

References

https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_SecurityVendor Advisory
https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_SecurityVendor Advisory

FAQ

What is CVE-2019-18630?

CVE-2019-18630 is a vulnerability with a CVSS score of 7.5 (HIGH). On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable co...

How severe is CVE-2019-18630?

CVE-2019-18630 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-18630?

Check the references section above for vendor advisories and patch information. Affected products include: Xerox Altalink B8045 Firmware, Xerox Altalink B8045, Xerox Altalink B8055 Firmware, Xerox Altalink B8055, Xerox Altalink B8065 Firmware.