Authenticated Access Vulnerability in Xerox WorkCentre 3550
CVE-2022-45897

6.5MEDIUM

Key Information:

Vendor: Xerox
Status: Workcentre 3550 Firmware
Vendor: CVE Published:; 31 January 2023

Summary

An authenticated access vulnerability exists in the Xerox WorkCentre 3550, specifically on version 25.003.03.000. This flaw allows an attacker with legitimate credentials to access the SMB server settings of the device, potentially exposing sensitive information such as stored cleartext credentials. Exploitation of this vulnerability may lead to unauthorized access to critical configuration details, compromising the security of the entire network.

References

https://Xerox.com

https://gist.github.com/waffl3ss/eb61d38b5c44131d35865780...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2023
Vulnerability Reserved
Nov 25, 2022