{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-6333","assignerOrgId":"10b61619-3869-496c-8a1e-f291b0e71e3f","state":"PUBLISHED","assignerShortName":"Xerox","dateReserved":"2024-06-25T18:31:05.065Z","datePublished":"2024-10-17T13:51:16.011Z","dateUpdated":"2025-09-17T16:52:52.859Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"AltaLink® B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807","vendor":"Xerox","versions":[{"status":"affected","version":"103.xxx.024.18600","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"Xerox® EC8036 / EC8056","vendor":"Xerox","versions":[{"status":"affected","version":"103.xxx.024.18600"}]},{"defaultStatus":"unaffected","product":"Xerox® EC8036 / EC8056 - Common Criteria (June 2022)","vendor":"Xerox","versions":[{"status":"affected","version":"103.023.031.35105"}]},{"defaultStatus":"unaffected","product":"Xerox® EC8036 / EC8056 - Common Criteria (June 2024)","vendor":"Xerox","versions":[{"status":"affected","version":"103.xxx.013.14115"}]},{"defaultStatus":"unaffected","product":"AltaLink®C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria (Aug 2024)","vendor":"Xerox","versions":[{"status":"affected","version":"119.xxx.023.13006"}]},{"defaultStatus":"unaffected","product":"AltaLink® C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria Certified (Aug 2023)","vendor":"Xerox","versions":[{"status":"affected","version":"111.xxx.003.11600"}]},{"defaultStatus":"unaffected","product":"VersaLink® B625 / C625 | B425 / C425 Common Criteria Certified (2024)","vendor":"Xerox","versions":[{"status":"affected","version":"119.xxx.003.11705"}]},{"defaultStatus":"unaffected","product":"WorkCentre 3655/3655i","vendor":"Xerox","versions":[{"status":"affected","version":"075.060.004.07810"}]},{"defaultStatus":"unaffected","product":"WorkCentre 5945/55i","vendor":"Xerox","versions":[{"status":"affected","version":"075.091.004.07810"}]},{"defaultStatus":"unaffected","product":"WorkCentre 6655/6655i","vendor":"Xerox","versions":[{"status":"affected","version":"075.110.004.07810"}]},{"defaultStatus":"unaffected","product":"WorkCentre 7220/7225i","vendor":"Xerox","versions":[{"status":"affected","version":"075.030.004.07810"}]},{"defaultStatus":"unaffected","product":"WorkCentre 7830/7835i","vendor":"Xerox","versions":[{"status":"affected","version":"075.010 004.07810"}]},{"defaultStatus":"unaffected","product":"WorkCentre 7845/7855i","vendor":"Xerox","versions":[{"status":"affected","version":"075.040.004.07810"}]},{"defaultStatus":"unaffected","product":"WorkCentre 7845/7855 (IBG)","vendor":"Xerox","versions":[{"status":"affected","version":"075.080.004.07810"}]},{"defaultStatus":"unaffected","product":"WorkCentre 7970/7970i","vendor":"Xerox","versions":[{"status":"affected","version":"075.200.004.07810"}]},{"defaultStatus":"unaffected","product":"WorkCentre EC7836","vendor":"Xerox","versions":[{"status":"affected","version":"075.050.004.07810"}]},{"defaultStatus":"unaffected","product":"WorkCentre EC7856","vendor":"Xerox","versions":[{"status":"affected","version":"075.020.004.07810"}]}],"datePublic":"2024-10-16T13:46:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Authenticated Remote Code Execution in Altalink, Versalink &amp; WorkCentre Products."}],"value":"Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products."}],"impacts":[{"capecId":"CAPEC-253","descriptions":[{"lang":"en","value":"CAPEC-253 Remote Code Inclusion"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-77","description":"CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"10b61619-3869-496c-8a1e-f291b0e71e3f","shortName":"Xerox","dateUpdated":"2025-09-17T16:52:52.859Z"},"references":[{"url":"https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf"}],"source":{"discovery":"UNKNOWN"},"title":"Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"affected":[{"vendor":"xerox","product":"altalink_firmware","cpes":["cpe:2.3:o:xerox:altalink_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"103.xxx.024.18600","versionType":"custom"},{"version":"0","status":"affected","lessThan":"119.xxx.023.13006","versionType":"custom"},{"version":"0","status":"affected","lessThan":"111.xxx.003.11600","versionType":"custom"}]},{"vendor":"xerox","product":"versalink_firmware","cpes":["cpe:2.3:o:xerox:versalink_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"119.xxx.003.11705","versionType":"custom"}]},{"vendor":"xerox","product":"workcentre_firmware","cpes":["cpe:2.3:o:xerox:workcentre_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"075.060.004.07810","versionType":"custom"},{"version":"0","status":"affected","lessThan":"075.091.004.07810","versionType":"custom"},{"version":"0","status":"affected","lessThan":"075.110.004.07810","versionType":"custom"},{"version":"0","status":"affected","lessThan":"075.030.004.07810","versionType":"custom"},{"version":"0","status":"affected","lessThan":"075.010 004.07810","versionType":"custom"},{"version":"0","status":"affected","lessThan":"075.040.004.07810","versionType":"custom"},{"version":"0","status":"affected","lessThan":"075.080.004.07810","versionType":"custom"},{"version":"0","status":"affected","lessThan":"075.200.004.07810","versionType":"custom"},{"version":"0","status":"affected","lessThan":"075.050.004.07810","versionType":"custom"},{"version":"0","status":"affected","lessThan":"075.020.004.07810","versionType":"custom"}]},{"vendor":"xerox","product":"xerox_firmware","cpes":["cpe:2.3:o:xerox:xerox_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"103.xxx.024.18600","versionType":"custom"},{"version":"0","status":"affected","lessThan":"103.023.031.35105","versionType":"custom"},{"version":"0","status":"affected","lessThan":"103.xxx.013.14115","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-25T18:32:51.988456Z","id":"CVE-2024-6333","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-25T19:19:55.218Z"}},{"title":"CVE Program Container","references":[{"url":"http://seclists.org/fulldisclosure/2024/Oct/17"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-10-29T05:02:50.054Z"}}]}}