| Vulnerability Name: | CVE-2019-13171 (CCN-178224) |
| Assigned: | 2019-08-08 |
| Published: | 2019-08-08 |
| Updated: | 2020-03-18 |
| Summary: | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. The cause was insecure handling of the register parameters: the size passed to memcpy() when copying the action value into a local variable was not checked properly. |
| CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C); 8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) |
| Vulnerability Type: | CWE-787 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2019-13171; Source: XF Type: UNKNOWN xerox-cve201913171-bo(178224); Source: MISC Type: Vendor Advisory https://security.business.xerox.com/; Source: CCN Type: Xerox Security Mini Bulletin XRX19R Mini Bulletin XRX19R Xerox Phaser 3320 SPAR Release 53.006.18.000; Source: CCN Type: NCC Group Technical Advisory: Multiple Vulnerabilities in Xerox Printers; Source: MISC Type: Third Party Advisory https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/ |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |