{"containers":{"cna":{"affected":[{"product":"AltaLink B8045/B8055/B8065/B8075/B8090","vendor":"XEROX","versions":[{"lessThanOrEqual":"101.008.008.27400","status":"unknown","version":"unspecified","versionType":"custom"}]},{"product":"AltaLink C8030/C8035/C8045/C8055/C8070","vendor":"XEROX","versions":[{"lessThanOrEqual":"101.001.008.27400","status":"unknown","version":"unspecified","versionType":"custom"}]},{"product":"WorkCentre 3655","vendor":"XEROX","versions":[{"lessThanOrEqual":"073.060.075.34540","status":"unknown","version":"unspecified","versionType":"custom"}]},{"product":"WorkCentre 5845/5855/5865/5875/5890","vendor":"XEROX","versions":[{"lessThanOrEqual":"073.190.075.34540","status":"unknown","version":"unspecified","versionType":"custom"}]},{"product":"WorkCentre 5945/5955","vendor":"XEROX","versions":[{"lessThanOrEqual":"073.091.075.34540","status":"unknown","version":"unspecified","versionType":"custom"}]},{"product":"WorkCentre 6655","vendor":"XEROX","versions":[{"lessThanOrEqual":"073.110.075.34540","status":"unknown","version":"unspecified","versionType":"custom"}]},{"product":"WorkCentre 7220/7225","vendor":"XEROX","versions":[{"lessThanOrEqual":"073.030.075.34540","status":"unknown","version":"unspecified","versionType":"custom"}]},{"product":"WorkCentre 7830/7835/7845/7855","vendor":"XEROX","versions":[{"lessThanOrEqual":"073.010.075.34540","status":"unknown","version":"unspecified","versionType":"custom"}]},{"product":"WorkCentre 7970","vendor":"XEROX","versions":[{"lessThanOrEqual":"073.200.075.34540","status":"unknown","version":"unspecified","versionType":"custom"}]},{"product":"WorkCentre EC7836/EC7856","vendor":"XEROX","versions":[{"lessThanOrEqual":"073.020.167.17200","status":"unknown","version":"unspecified","versionType":"custom"}]},{"product":"ColorQube 9301/9302/9303","vendor":"XEROX","versions":[{"lessThan":"072.xxx.009.07200","status":"affected","version":"unspecified","versionType":"custom"}]},{"product":"ColorQube 8700/8900","vendor":"XEROX","versions":[{"lessThan":"072.xxx.009.07200","status":"affected","version":"unspecified","versionType":"custom"}]},{"product":"WorkCentre 6400","vendor":"XEROX","versions":[{"lessThanOrEqual":"061.070.100.24201","status":"unknown","version":"unspecified","versionType":"custom"}]},{"product":"Phaser 6700","vendor":"XEROX","versions":[{"lessThanOrEqual":"081.140.103.22600","status":"unknown","version":"unspecified","versionType":"custom"}]},{"product":"Phaser 7800","vendor":"XEROX","versions":[{"lessThanOrEqual":"081.150.103.05600","status":"unknown","version":"unspecified","versionType":"custom"}]},{"product":"WorkCentre 5735/5740/5745/5755/5765/5775/5790","vendor":"XEROX","versions":[{"lessThanOrEqual":"061.132.221.21403","status":"unknown","version":"unspecified","versionType":"custom"}]},{"product":"WorkCentre 7525/7530/7535/7545/7556","vendor":"XEROX","versions":[{"lessThanOrEqual":"061.121.224.18803","status":"unknown","version":"unspecified","versionType":"custom"}]},{"product":"WorkCentre 7755/7765/7775","vendor":"XEROX","versions":[{"lessThanOrEqual":"061.090.220.19700","status":"unknown","version":"unspecified","versionType":"custom"}]}],"credits":[{"lang":"en","value":"RaphaÃ«l Rigo from the Airbus Security Lab"}],"datePublic":"2019-02-25T00:00:00.000Z","descriptions":[{"lang":"en","value":"Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the \"nobody\" user through a crafted \"HTTP\" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"CWE-78 OS Command Injection","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2019-04-12T17:37:54.000Z","orgId":"24a3c815-5f22-4d74-967a-30958d6466f4","shortName":"airbus"},"references":[{"tags":["x_refsource_MISC"],"url":"https://airbus-seclab.github.io/"},{"tags":["x_refsource_CONFIRM"],"url":"https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf"}],"solutions":[{"lang":"en","value":"A fix for some models is available."}],"source":{"discovery":"INTERNAL"},"workarounds":[{"lang":"en","value":"There are no known workarounds for now available."}],"x_generator":{"engine":"Vulnogram 0.0.6"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cert@airbus.com","ID":"CVE-2019-10880","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"AltaLink B8045/B8055/B8065/B8075/B8090","version":{"version_data":[{"version_affected":"?<=","version_value":"101.008.008.27400"}]}},{"product_name":"AltaLink C8030/C8035/C8045/C8055/C8070","version":{"version_data":[{"version_affected":"?<=","version_value":"101.001.008.27400"}]}},{"product_name":"WorkCentre 3655","version":{"version_data":[{"version_affected":"?<=","version_value":"073.060.075.34540"}]}},{"product_name":"WorkCentre 5845/5855/5865/5875/5890","version":{"version_data":[{"version_affected":"?<=","version_value":"073.190.075.34540"}]}},{"product_name":"WorkCentre 5945/5955","version":{"version_data":[{"version_affected":"?<=","version_value":"073.091.075.34540"}]}},{"product_name":"WorkCentre 6655","version":{"version_data":[{"version_affected":"?<=","version_value":"073.110.075.34540"}]}},{"product_name":"WorkCentre 7220/7225","version":{"version_data":[{"version_affected":"?<=","version_value":"073.030.075.34540"}]}},{"product_name":"WorkCentre 7830/7835/7845/7855","version":{"version_data":[{"version_affected":"?<=","version_value":"073.010.075.34540"}]}},{"product_name":"WorkCentre 7970","version":{"version_data":[{"version_affected":"?<=","version_value":"073.200.075.34540"}]}},{"product_name":"WorkCentre EC7836/EC7856","version":{"version_data":[{"version_affected":"?<=","version_value":"073.020.167.17200"}]}},{"product_name":"ColorQube 9301/9302/9303","version":{"version_data":[{"version_affected":"<","version_value":"072.xxx.009.07200"}]}},{"product_name":"ColorQube 8700/8900","version":{"version_data":[{"version_affected":"<","version_value":"072.xxx.009.07200"}]}},{"product_name":"WorkCentre 6400","version":{"version_data":[{"version_affected":"?<=","version_value":"061.070.100.24201"}]}},{"product_name":"Phaser 6700","version":{"version_data":[{"version_affected":"?<=","version_value":"081.140.103.22600"}]}},{"product_name":"Phaser 7800","version":{"version_data":[{"version_affected":"?<=","version_value":"081.150.103.05600"}]}},{"product_name":"WorkCentre 5735/5740/5745/5755/5765/5775/5790","version":{"version_data":[{"version_affected":"?<=","version_value":"061.132.221.21403"}]}},{"product_name":"WorkCentre 7525/7530/7535/7545/7556","version":{"version_data":[{"version_affected":"?<=","version_value":"061.121.224.18803"}]}},{"product_name":"WorkCentre 7755/7765/7775","version":{"version_data":[{"version_affected":"?<=","version_value":"061.090.220.19700"}]}}]},"vendor_name":"XEROX"}]}},"credit":[{"lang":"eng","value":"RaphaÃ«l Rigo from the Airbus Security Lab"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the \"nobody\" user through a crafted \"HTTP\" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary."}]},"generator":{"engine":"Vulnogram 0.0.6"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-78 OS Command Injection"}]}]},"references":{"reference_data":[{"name":"https://airbus-seclab.github.io/","refsource":"MISC","url":"https://airbus-seclab.github.io/"},{"name":"https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf","refsource":"CONFIRM","url":"https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf"}]},"solution":[{"lang":"en","value":"A fix for some models is available."}],"source":{"discovery":"INTERNAL"},"work_around":[{"lang":"en","value":"There are no known workarounds for now available."}]}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T22:32:02.151Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://airbus-seclab.github.io/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdf"}]}]},"cveMetadata":{"assignerOrgId":"24a3c815-5f22-4d74-967a-30958d6466f4","assignerShortName":"airbus","cveId":"CVE-2019-10880","datePublished":"2019-04-12T17:37:54.000Z","dateReserved":"2019-04-05T00:00:00.000Z","dateUpdated":"2024-08-04T22:32:02.151Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}