{"id": "CVE-2016-11061", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-04-29T22:15:11.810", "references": [{"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2016/10/cert_Mini_Security_Bulletin_XRX16Q_for_ConnectKey_R16-05_v1-1-2.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2016/10/cert_Mini_Security_Bulletin_XRX16Q_for_ConnectKey_R16-05_v1-1-2.pdf", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device."}, {"lang": "es", "value": "Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970 y 7970i versiones anteriores a 073.xxx.086.15410, no escapan apropiadamente los par\u00e1metros en el script support/remoteUI/configrui.php, que puede permitir a un atacante no autenticado ejecutar comandos del Sistema Operativo sobre el dispositivo."}], "lastModified": "2024-11-21T02:45:24.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_3655_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E7DD60D-FC78-4D04-B9AA-F6D68575725E", "versionEndExcluding": "073.060.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_3655:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C9548A64-CBFA-4562-ACCF-DC9BA10B4FC8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_3655i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AABD3B3-1CF8-4B3E-BB9A-FE7C358C4679", "versionEndExcluding": "073.060.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_3655i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "49DC396F-28EC-4B73-A471-CD3539A746A7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5865_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "653F7316-CBA5-4FA9-A18D-097A37F79C12", "versionEndExcluding": "073.190.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5865:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8A860EC8-45B7-41EA-BC20-718AD988B200"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5875_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1137E449-5057-4071-B881-6BAF513E87D1", "versionEndExcluding": "073.190.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5875:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "67800192-D3C8-49CD-8CDC-C4C71CF5155B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5890_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C02834C8-AB51-4B6E-8F96-D5A47F6354CC", "versionEndExcluding": "073.190.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5890:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C2D92CC6-64D9-4DE3-BA4B-F9833C8F6462"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5865i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90AB3944-5234-4BB2-B6D0-BF3DAD892788", "versionEndExcluding": "073.190.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5865i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C19D2E4-7D96-4261-AC03-925CE75E63CE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5875i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "845D2819-F43D-45B5-BC09-B0E4962BA18F", "versionEndExcluding": "073.190.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5875i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AC484664-F7BE-41E5-A323-6093F9F25F6D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5890i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A8668A3-6C96-4C01-99F5-D065965C9588", "versionEndExcluding": "073.190.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5890i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "231A161C-223D-4253-B865-7C13D346ADD7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5945_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F100286D-1C67-4A84-BEE4-D6C6A57B60DD", "versionEndExcluding": "073.091.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5945:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "687EDD3B-00F0-48FB-89DB-5CEFF19A402B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5955_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F72C86FD-18D1-405C-A79F-167F05729DC4", "versionEndExcluding": "073.091.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5955:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EED80F8D-316D-479A-A436-0EAFC9120145"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5945i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2786B223-0F3E-43D7-8DCB-3DE587917527", "versionEndExcluding": "073.091.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5945i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F2ED1FFA-9C53-43DB-A03F-7035FBAA234D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5955i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EBE7F66-2D66-41FE-8909-5259CE0A4A9F", "versionEndExcluding": "073.091.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5955i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4D951BB0-1679-408B-89E1-9B7AE8A360A7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_6655_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38418AA3-8306-4BF2-8D27-2C60B1A24C9D", "versionEndExcluding": "073.110.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_6655:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "24ED495D-E99F-40D1-B651-F39C77E307B2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_6655i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "185BE079-89CA-4254-B9B3-4939099C8EFC", "versionEndExcluding": "073.110.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_6655i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "75BE968D-572B-4E34-9AB5-D2B7779A3582"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E35B4292-36AF-46AB-938F-5AE795219849", "versionEndExcluding": "073.030.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D45BD63-F7BC-4760-B8FD-B9EB4A0D2658"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7200i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "803DEC1A-6BEA-4B03-ACE4-F19B9039FF33", "versionEndExcluding": "073.030.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7200i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6D8D74BB-2B7F-4590-B52E-FB4D92728636"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7225i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DEFF7CC-D587-417D-88FF-23F975D70A1D", "versionEndExcluding": "073.030.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7225i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BA084943-D663-4848-B788-AA0739BB0912"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7830_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "571B7555-3273-4310-9698-7872EA351C70", "versionEndExcluding": "073.010.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7830:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7372F31A-6EE3-4DB2-89BF-48E2DD45477C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7835_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E53D8B0E-E2AA-4BAA-AC75-930619AF790B", "versionEndExcluding": "073.010.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7835:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "327F1EC4-5FA3-4AFC-B1A0-5E0472BB7893"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7845_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "822798B9-732B-4EC9-A6C3-12510E81678F", "versionEndExcluding": "073.010.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7845:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "549583A3-16EF-4FF7-B9F2-50838ADBE3EF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7855_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7A592E2-D5BD-43AC-8DB0-A5645D4C00FC", "versionEndExcluding": "073.010.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7855:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FC95E9A5-0E1A-43AF-87D4-E9C06C780413"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7970_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A36B403-DF7B-45F6-BE73-25F314FF6BA9", "versionEndExcluding": "073.200.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7970:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BF90B89B-6067-4CCD-BF54-8F0FB6106339"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7970i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A04A0303-08F3-4678-8D32-5546D2781455", "versionEndExcluding": "073.200.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7970i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD60A2AE-C2C6-498E-BC3F-6CA55BE1CE96"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7225_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1FE6894-4DE3-47E2-B1C9-5972186E7555", "versionEndExcluding": "073.030.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7225:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD9B953F-7360-4605-A016-E35DB388E73B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7220_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6081D88-266C-4E51-8D6D-C84421E03FBD", "versionEndExcluding": "073.030.086.15410"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7220:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C1D36448-38F7-4C4B-A66F-8B96F360144C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}