Default hidden Privileged Account Vulnerability in multiple XEROX devices
CVE-2019-10881

9.4CRITICAL

Key Information:

Vendor: Xerox
Status: Altalink B8045/b8055/b8065/b8075/b8090; Altalink C8030/c8035/c8045/c8055/c8070; Workcentre 3655; Workcentre 5845/5855/5865/5875/5890
Vendor: CVE Published:; 13 April 2021

Summary

Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.

Affected Version(s)

AltaLink B8045/B8055/B8065/B8075/B8090

AltaLink C8030/C8035/C8045/C8055/C8070

ColorQube 8700/8900

References

https://airbus-seclab.github.io/

x_refsource_MISC

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 13, 2021
Vulnerability Reserved
Apr 5, 2019

Credit

Raphaël Rigo from the Airbus Security Lab