{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-29T21:23:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2016/10/cert_Mini_Security_Bulletin_XRX16Q_for_ConnectKey_R16-05_v1-1-2.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-11061", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2016/10/cert_Mini_Security_Bulletin_XRX16Q_for_ConnectKey_R16-05_v1-1-2.pdf", "refsource": "MISC", "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2016/10/cert_Mini_Security_Bulletin_XRX16Q_for_ConnectKey_R16-05_v1-1-2.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-11061", "datePublished": "2020-04-29T21:23:30", "dateReserved": "2020-04-29T00:00:00", "dateUpdated": "2020-04-29T21:23:30", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_3655_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E7DD60D-FC78-4D04-B9AA-F6D68575725E", "versionEndExcluding": "073.060.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_3655:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9548A64-CBFA-4562-ACCF-DC9BA10B4FC8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_3655i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AABD3B3-1CF8-4B3E-BB9A-FE7C358C4679", "versionEndExcluding": "073.060.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_3655i:-:*:*:*:*:*:*:*", "matchCriteriaId": "49DC396F-28EC-4B73-A471-CD3539A746A7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5865_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "653F7316-CBA5-4FA9-A18D-097A37F79C12", "versionEndExcluding": "073.190.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5865:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A860EC8-45B7-41EA-BC20-718AD988B200", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5875_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1137E449-5057-4071-B881-6BAF513E87D1", "versionEndExcluding": "073.190.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5875:-:*:*:*:*:*:*:*", "matchCriteriaId": "67800192-D3C8-49CD-8CDC-C4C71CF5155B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5890_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C02834C8-AB51-4B6E-8F96-D5A47F6354CC", "versionEndExcluding": "073.190.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5890:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2D92CC6-64D9-4DE3-BA4B-F9833C8F6462", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5865i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "90AB3944-5234-4BB2-B6D0-BF3DAD892788", "versionEndExcluding": "073.190.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5865i:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C19D2E4-7D96-4261-AC03-925CE75E63CE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5875i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "845D2819-F43D-45B5-BC09-B0E4962BA18F", "versionEndExcluding": "073.190.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5875i:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC484664-F7BE-41E5-A323-6093F9F25F6D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5890i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A8668A3-6C96-4C01-99F5-D065965C9588", "versionEndExcluding": "073.190.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5890i:-:*:*:*:*:*:*:*", "matchCriteriaId": "231A161C-223D-4253-B865-7C13D346ADD7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5945_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F100286D-1C67-4A84-BEE4-D6C6A57B60DD", "versionEndExcluding": "073.091.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5945:-:*:*:*:*:*:*:*", "matchCriteriaId": "687EDD3B-00F0-48FB-89DB-5CEFF19A402B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5955_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F72C86FD-18D1-405C-A79F-167F05729DC4", "versionEndExcluding": "073.091.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5955:-:*:*:*:*:*:*:*", "matchCriteriaId": "EED80F8D-316D-479A-A436-0EAFC9120145", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5945i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2786B223-0F3E-43D7-8DCB-3DE587917527", "versionEndExcluding": "073.091.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5945i:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2ED1FFA-9C53-43DB-A03F-7035FBAA234D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5955i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4EBE7F66-2D66-41FE-8909-5259CE0A4A9F", "versionEndExcluding": "073.091.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5955i:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D951BB0-1679-408B-89E1-9B7AE8A360A7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_6655_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "38418AA3-8306-4BF2-8D27-2C60B1A24C9D", "versionEndExcluding": "073.110.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_6655:-:*:*:*:*:*:*:*", "matchCriteriaId": "24ED495D-E99F-40D1-B651-F39C77E307B2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_6655i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "185BE079-89CA-4254-B9B3-4939099C8EFC", "versionEndExcluding": "073.110.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_6655i:-:*:*:*:*:*:*:*", "matchCriteriaId": "75BE968D-572B-4E34-9AB5-D2B7779A3582", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E35B4292-36AF-46AB-938F-5AE795219849", "versionEndExcluding": "073.030.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7200:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D45BD63-F7BC-4760-B8FD-B9EB4A0D2658", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7200i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "803DEC1A-6BEA-4B03-ACE4-F19B9039FF33", "versionEndExcluding": "073.030.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7200i:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D8D74BB-2B7F-4590-B52E-FB4D92728636", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7225i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DEFF7CC-D587-417D-88FF-23F975D70A1D", "versionEndExcluding": "073.030.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7225i:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA084943-D663-4848-B788-AA0739BB0912", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7830_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "571B7555-3273-4310-9698-7872EA351C70", "versionEndExcluding": "073.010.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7830:-:*:*:*:*:*:*:*", "matchCriteriaId": "7372F31A-6EE3-4DB2-89BF-48E2DD45477C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7835_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E53D8B0E-E2AA-4BAA-AC75-930619AF790B", "versionEndExcluding": "073.010.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7835:-:*:*:*:*:*:*:*", "matchCriteriaId": "327F1EC4-5FA3-4AFC-B1A0-5E0472BB7893", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7845_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "822798B9-732B-4EC9-A6C3-12510E81678F", "versionEndExcluding": "073.010.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7845:-:*:*:*:*:*:*:*", "matchCriteriaId": "549583A3-16EF-4FF7-B9F2-50838ADBE3EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7855_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7A592E2-D5BD-43AC-8DB0-A5645D4C00FC", "versionEndExcluding": "073.010.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7855:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC95E9A5-0E1A-43AF-87D4-E9C06C780413", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7970_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A36B403-DF7B-45F6-BE73-25F314FF6BA9", "versionEndExcluding": "073.200.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7970:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF90B89B-6067-4CCD-BF54-8F0FB6106339", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7970i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A04A0303-08F3-4678-8D32-5546D2781455", "versionEndExcluding": "073.200.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7970i:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD60A2AE-C2C6-498E-BC3F-6CA55BE1CE96", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7225_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1FE6894-4DE3-47E2-B1C9-5972186E7555", "versionEndExcluding": "073.030.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7225:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD9B953F-7360-4605-A016-E35DB388E73B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7220_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6081D88-266C-4E51-8D6D-C84421E03FBD", "versionEndExcluding": "073.030.086.15410", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1D36448-38F7-4C4B-A66F-8B96F360144C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device."}, {"lang": "es", "value": "Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970 y 7970i versiones anteriores a 073.xxx.086.15410, no escapan apropiadamente los par\u00e1metros en el script support/remoteUI/configrui.php, que puede permitir a un atacante no autenticado ejecutar comandos del Sistema Operativo sobre el dispositivo."}], "id": "CVE-2016-11061", "lastModified": "2020-05-06T15:01:56.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-29T22:15:11.810", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2016/10/cert_Mini_Security_Bulletin_XRX16Q_for_ConnectKey_R16-05_v1-1-2.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}