Remote Code Execution Vulnerability in Xerox Altalink, Versalink, and WorkCentre Products
CVE-2024-6333

7.2HIGH

Key Information:

Vendor: Xerox
Status: Altalink® B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807; Xerox® Ec8036 / Ec8056; Xerox® Ec8036 / Ec8056 - Common Criteria (june 2022); Xerox® Ec8036 / Ec8056 - Common Criteria (june 2024)
Vendor: CVE Published:; 17 October 2024

What is CVE-2024-6333?

A severe vulnerability has been identified in Xerox Altalink, Versalink, and WorkCentre products, allowing authenticated users to execute arbitrary code remotely. This could result in unauthorized access and potential system compromise. Users and administrators are advised to review the official security bulletin from Xerox to understand the implications and apply necessary updates to safeguard their environments.

Affected Version(s)

AltaLink® B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807 103.xxx.024.18600

AltaLink® C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria Certified (Aug 2023) 111.xxx.003.11600

AltaLink®C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria (Aug 2024) 119.xxx.023.13006

References

https://securitydocs.business.xerox.com/wp-content/upload...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Jun 25, 2024