Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00477.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
XEROX AltaLink B8045/B8055/B8065/B8075/B8090 affected
Version Status Constraints
n/a affected
XEROX AltaLink C8030/C8035/C8045/C8055/C8070 affected
Version Status Constraints
n/a affected
XEROX WorkCentre 3655 affected
Version Status Constraints
n/a affected
XEROX WorkCentre 5845/5855/5865/5875/5890 affected
Version Status Constraints
n/a affected
XEROX WorkCentre 5945/5955 affected
Version Status Constraints
n/a affected
XEROX WorkCentre 6655 affected
Version Status Constraints
n/a affected
XEROX WorkCentre 7220/7225 affected
Version Status Constraints
n/a affected
XEROX WorkCentre 7830/7835/7845/7855 affected
Version Status Constraints
n/a affected
XEROX WorkCentre 7970 affected
Version Status Constraints
n/a affected
XEROX WorkCentre EC7836/EC7856 affected
Version Status Constraints
n/a affected
XEROX ColorQube 9301/9302/9303 affected
Version Status Constraints
n/a affected
XEROX ColorQube 8700/8900 affected
Version Status Constraints
n/a affected
XEROX WorkCentre 6400 affected
Version Status Constraints
n/a affected
XEROX Phaser 6700 affected
Version Status Constraints
n/a affected
XEROX Phaser 7800 affected
Version Status Constraints
n/a affected
XEROX WorkCentre 5735/5740/5745/5755/5765/5775/5790 affected
Version Status Constraints
n/a affected
XEROX WorkCentre 7525/7530/7535/7545/7556 affected
Version Status Constraints
n/a affected
XEROX WorkCentre 7755/7765/7775 affected
Version Status Constraints
n/a affected

Configuration 1 [-]

AND
cpe:2.3:o:xerox:altalink_b8045_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:altalink_b8045:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:xerox:altalink_b8055_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:altalink_b8055:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:xerox:altalink_b8065_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:altalink_b8065:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:xerox:altalink_b8075_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:altalink_b8075:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:xerox:altalink_b8090_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:altalink_b8090:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:xerox:altalink_c8030_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:altalink_c8030:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:xerox:altalink_c8035_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:altalink_c8035:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:xerox:altalink_c8045_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:altalink_c8045:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:xerox:altalink_c8055_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:altalink_c8055:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:xerox:altalink_c8070_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:altalink_c8070:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Xerox Subscribe
Altalink B8045 Subscribe
Altalink B8045 Firmware Subscribe
Altalink B8055 Subscribe
Altalink B8055 Firmware Subscribe
Altalink B8065 Subscribe
Altalink B8065 Firmware Subscribe
Altalink B8075 Subscribe
Altalink B8075 Firmware Subscribe
Altalink B8090 Subscribe
Altalink B8090 Firmware Subscribe
Altalink C8030 Subscribe
Altalink C8030 Firmware Subscribe
Altalink C8035 Subscribe
Altalink C8035 Firmware Subscribe
Altalink C8045 Subscribe
Altalink C8045 Firmware Subscribe
Altalink C8055 Subscribe
Altalink C8055 Firmware Subscribe
Altalink C8070 Subscribe
Altalink C8070 Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2019-2603 Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.
Fixes

Solution

No fix available for now.

Workaround

There no known workaround for now available.

References
Link Providers
https://airbus-seclab.github.io/ cve-icon cve-icon
https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx.pdf cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: airbus

Published:

Updated: 2024-08-04T22:32:02.132Z

Reserved: 2019-04-05T00:00:00

Link: CVE-2019-10881

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-04-13T21:15:16.740

Modified: 2024-11-21T04:20:02.363

Link: CVE-2019-10881

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses