CVE-2022-45897 — MEDIUM (6.5)

Vulnerability Description

On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Xerox	Workcentre 3550 Firmware	25.003.03.000
Xerox	Workcentre 3550	-

Related Weaknesses (CWE)

CWE-312

References

https://Xerox.comVendor Advisory
https://gist.github.com/waffl3ss/eb61d38b5c44131d3586578002c63640#file-cve-2022-Third Party Advisory
https://Xerox.comVendor Advisory
https://gist.github.com/waffl3ss/eb61d38b5c44131d3586578002c63640#file-cve-2022-Third Party Advisory

FAQ

What is CVE-2022-45897?

CVE-2022-45897 is a vulnerability with a CVSS score of 6.5 (MEDIUM). On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings.

How severe is CVE-2022-45897?

CVE-2022-45897 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-45897?

Check the references section above for vendor advisories and patch information. Affected products include: Xerox Workcentre 3550 Firmware, Xerox Workcentre 3550.