Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.
References
Link | Resource |
---|---|
https://airbus-seclab.github.io/ | Not Applicable |
https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: airbus
Published: 2019-04-12T17:37:54
Updated: 2019-04-12T17:37:54
Reserved: 2019-04-05T00:00:00
Link: CVE-2019-10880
JSON object: View
NVD Information
Status : Modified
Published: 2019-04-12T18:29:01.177
Modified: 2019-10-09T23:45:00.120
Link: CVE-2019-10880
JSON object: View
Redhat Information
No data.
CWE