Data Exposure Vulnerability in Xerox Multifunction Printers
CVE-2019-18630

7.5HIGH

Key Information:

Vendor: Xerox
Status: Altalink B8045 Firmware
Vendor: CVE Published:; 4 March 2021

Summary

A vulnerability exists in specific Xerox AltaLink multifunction printers, where portions of the drive containing executable code are not encrypted. This lack of encryption allows the potential for cryptographic information disclosure, potentially exposing sensitive data to unauthorized access. Affected models include various iterations of the AltaLink B-series and C-series printers that are running software versions prior to 101.00x.099.28200. It is critical for users of these devices to ensure they are using the latest firmware to mitigate risks associated with this vulnerability.

References

https://securitydocs.business.xerox.com/wp-content/upload...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 4, 2021
Vulnerability Reserved
Oct 30, 2019