Unrated severityNVD Advisory· Published Apr 12, 2019· Updated Aug 4, 2024
CVE-2019-10880
CVE-2019-10880
Description
Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
19unspecified+ 1 more
- (no CPE)range: unspecified
- (no CPE)range: unspecified
- XEROX/ColorQube 8700/8900v5Range: unspecified
- XEROX/ColorQube 9301/9302/9303v5Range: unspecified
unspecified+ 6 more
- (no CPE)range: unspecified
- (no CPE)range: unspecified
- (no CPE)range: unspecified
- (no CPE)range: unspecified
- (no CPE)range: unspecified
- (no CPE)range: unspecified
- (no CPE)range: unspecified
- XEROX/WorkCentre 5735/5740/5745/5755/5765/5775/5790v5Range: unspecified
- XEROX/WorkCentre 5845/5855/5865/5875/5890v5Range: unspecified
- XEROX/WorkCentre 7525/7530/7535/7545/7556v5Range: unspecified
- XEROX/WorkCentre 7830/7835/7845/7855v5Range: unspecified
- XEROX/WorkCentre EC7836/EC7856v5Range: unspecified
Patches
Vulnerability mechanics
References
2- airbus-seclab.github.iomitrex_refsource_MISC
- securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdfmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.