CVE-2019-10880 - OpenCVE

Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Xerox	Colorqube 9301 Colorqube 8700 Colorqube 9302 Firmware Colorqube 9302 Colorqube 9303 Firmware Colorqube 9303 Colorqube 8900 Firmware Colorqube 9301 Firmware Colorqube 8900 Colorqube 8700 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:xerox:colorqube_8700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:colorqube_8700:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:xerox:colorqube_8900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:colorqube_8900:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:xerox:colorqube_9301_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:colorqube_9301:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:xerox:colorqube_9302_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:colorqube_9302:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:xerox:colorqube_9303_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:colorqube_9303:-:*:*:*:*:*:*:*

References

Link	Resource
https://airbus-seclab.github.io/	Not Applicable
https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: airbus

Published: 2019-04-12T17:37:54

Updated: 2019-04-12T17:37:54

Reserved: 2019-04-05T00:00:00

Link: CVE-2019-10880

JSON object: View

NVD Information

Status : Modified

Published: 2019-04-12T18:29:01.177

Modified: 2019-10-09T23:45:00.120

Link: CVE-2019-10880

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "AltaLink B8045/B8055/B8065/B8075/B8090", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "101.008.008.27400", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "AltaLink C8030/C8035/C8045/C8055/C8070", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "101.001.008.27400", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 3655", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.060.075.34540", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 5845/5855/5865/5875/5890", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.190.075.34540", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 5945/5955", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.091.075.34540", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 6655", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.110.075.34540", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 7220/7225", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.030.075.34540", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 7830/7835/7845/7855", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.010.075.34540", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 7970", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.200.075.34540", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre EC7836/EC7856", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "073.020.167.17200", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "ColorQube 9301/9302/9303", "vendor": "XEROX", "versions": [{"lessThan": "072.xxx.009.07200", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "ColorQube 8700/8900", "vendor": "XEROX", "versions": [{"lessThan": "072.xxx.009.07200", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 6400", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "061.070.100.24201", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "Phaser 6700", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "081.140.103.22600", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "Phaser 7800", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "081.150.103.05600", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 5735/5740/5745/5755/5765/5775/5790", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "061.132.221.21403", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 7525/7530/7535/7545/7556", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "061.121.224.18803", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}, {"product": "WorkCentre 7755/7765/7775", "vendor": "XEROX", "versions": [{"lessThanOrEqual": "061.090.220.19700", "status": "unknown", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Rapha\u00c3\u00abl Rigo from the Airbus Security Lab"}], "datePublic": "2019-02-25T00:00:00", "descriptions": [{"lang": "en", "value": "Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the \"nobody\" user through a crafted \"HTTP\" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 OS Command Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-12T17:37:54", "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4", "shortName": "airbus"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://airbus-seclab.github.io/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf"}], "solutions": [{"lang": "en", "value": "A fix for some models is available."}], "source": {"discovery": "INTERNAL"}, "workarounds": [{"lang": "en", "value": "There are no known workarounds for now available."}], "x_generator": {"engine": "Vulnogram 0.0.6"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@airbus.com", "ID": "CVE-2019-10880", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AltaLink B8045/B8055/B8065/B8075/B8090", "version": {"version_data": [{"version_affected": "?<=", "version_value": "101.008.008.27400"}]}}, {"product_name": "AltaLink C8030/C8035/C8045/C8055/C8070", "version": {"version_data": [{"version_affected": "?<=", "version_value": "101.001.008.27400"}]}}, {"product_name": "WorkCentre 3655", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.060.075.34540"}]}}, {"product_name": "WorkCentre 5845/5855/5865/5875/5890", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.190.075.34540"}]}}, {"product_name": "WorkCentre 5945/5955", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.091.075.34540"}]}}, {"product_name": "WorkCentre 6655", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.110.075.34540"}]}}, {"product_name": "WorkCentre 7220/7225", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.030.075.34540"}]}}, {"product_name": "WorkCentre 7830/7835/7845/7855", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.010.075.34540"}]}}, {"product_name": "WorkCentre 7970", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.200.075.34540"}]}}, {"product_name": "WorkCentre EC7836/EC7856", "version": {"version_data": [{"version_affected": "?<=", "version_value": "073.020.167.17200"}]}}, {"product_name": "ColorQube 9301/9302/9303", "version": {"version_data": [{"version_affected": "<", "version_value": "072.xxx.009.07200"}]}}, {"product_name": "ColorQube 8700/8900", "version": {"version_data": [{"version_affected": "<", "version_value": "072.xxx.009.07200"}]}}, {"product_name": "WorkCentre 6400", "version": {"version_data": [{"version_affected": "?<=", "version_value": "061.070.100.24201"}]}}, {"product_name": "Phaser 6700", "version": {"version_data": [{"version_affected": "?<=", "version_value": "081.140.103.22600"}]}}, {"product_name": "Phaser 7800", "version": {"version_data": [{"version_affected": "?<=", "version_value": "081.150.103.05600"}]}}, {"product_name": "WorkCentre 5735/5740/5745/5755/5765/5775/5790", "version": {"version_data": [{"version_affected": "?<=", "version_value": "061.132.221.21403"}]}}, {"product_name": "WorkCentre 7525/7530/7535/7545/7556", "version": {"version_data": [{"version_affected": "?<=", "version_value": "061.121.224.18803"}]}}, {"product_name": "WorkCentre 7755/7765/7775", "version": {"version_data": [{"version_affected": "?<=", "version_value": "061.090.220.19700"}]}}]}, "vendor_name": "XEROX"}]}}, "credit": [{"lang": "eng", "value": "Rapha\u00c3\u00abl Rigo from the Airbus Security Lab"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the \"nobody\" user through a crafted \"HTTP\" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary."}]}, "generator": {"engine": "Vulnogram 0.0.6"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78 OS Command Injection"}]}]}, "references": {"reference_data": [{"name": "https://airbus-seclab.github.io/", "refsource": "MISC", "url": "https://airbus-seclab.github.io/"}, {"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf", "refsource": "CONFIRM", "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf"}]}, "solution": [{"lang": "en", "value": "A fix for some models is available."}], "source": {"discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "There are no known workarounds for now available."}]}}}, "cveMetadata": {"assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4", "assignerShortName": "airbus", "cveId": "CVE-2019-10880", "datePublished": "2019-04-12T17:37:54", "dateReserved": "2019-04-05T00:00:00", "dateUpdated": "2019-04-12T17:37:54", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:colorqube_8700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2CDCD57-1A53-41C3-AE50-4EFAD1F8E636", "versionEndExcluding": "072.161.009.07200", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:colorqube_8700:-:*:*:*:*:*:*:*", "matchCriteriaId": "2764BB3A-9201-49C4-9774-C8906FE14741", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:colorqube_8900_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FB5A103-83B9-4684-9B11-04C9A9001354", "versionEndExcluding": "072.161.009.07200", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:colorqube_8900:-:*:*:*:*:*:*:*", "matchCriteriaId": "59018173-83A8-4389-8AE2-BB987144C1A5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:colorqube_9301_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E24AA3BC-06CC-4D61-9A43-939B6289F7C4", "versionEndExcluding": "072.180.009.07200", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:colorqube_9301:-:*:*:*:*:*:*:*", "matchCriteriaId": "99B41C5B-0045-49E8-B34D-67FD42449B44", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:colorqube_9302_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "727615E8-7289-4B06-89C2-3B9D0597C8D9", "versionEndExcluding": "072.180.009.07200", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:colorqube_9302:-:*:*:*:*:*:*:*", "matchCriteriaId": "A20F7D5C-7187-40E3-8C3F-3F70729AF2CE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xerox:colorqube_9303_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "58960946-14EF-4FDB-9735-C0B1060384C9", "versionEndExcluding": "072.180.009.07200", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xerox:colorqube_9303:-:*:*:*:*:*:*:*", "matchCriteriaId": "847E973A-3C1A-4969-B6BD-E56CC49BC7AD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the \"nobody\" user through a crafted \"HTTP\" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary."}, {"lang": "es", "value": "En m\u00faltiples productos XEROX, una vulnerabilidad permite la ejecuci\u00f3n remota de comandos en el sistema Linux, como el usuario \"nobody\", a trav\u00e9s de una petici\u00f3n \"HTTP\" modificada (vulnerabilidad de inyecci\u00f3n de comandos en el sistema operativo en la interfaz HTTP). Dependiendo de la configuraci\u00f3n, la autenticaci\u00f3n puede no ser necesaria."}], "id": "CVE-2019-10880", "lastModified": "2019-10-09T23:45:00.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cert@airbus.com", "type": "Secondary"}]}, "published": "2019-04-12T18:29:01.177", "references": [{"source": "cert@airbus.com", "tags": ["Not Applicable"], "url": "https://airbus-seclab.github.io/"}, {"source": "cert@airbus.com", "tags": ["Vendor Advisory"], "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf"}], "sourceIdentifier": "cert@airbus.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "cert@airbus.com", "type": "Secondary"}]}