CVE-2018-17172
published 2019-01-03CVE-2018-17172: The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070…
PriorityP356critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
1.95%
77.7th percentile
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xerox | altalink_b8045_firmware | < 100.008.028.05200 | 100.008.028.05200 |
| xerox | altalink_b8055_firmware | < 100.008.028.05200 | 100.008.028.05200 |
| xerox | altalink_b8065_firmware | < 100.008.028.05200 | 100.008.028.05200 |
| xerox | altalink_b8075_firmware | < 100.008.028.05200 | 100.008.028.05200 |
| xerox | altalink_b8090_firmware | < 100.008.028.05200 | 100.008.028.05200 |
| xerox | altalink_c8030_firmware | < 100.001.028.05200 | 100.001.028.05200 |
| xerox | altalink_c8035_firmware | < 100.001.028.05200 | 100.001.028.05200 |
| xerox | altalink_c8045_firmware | < 100.002.028.05200 | 100.002.028.05200 |
| xerox | altalink_c8055_firmware | < 100.002.028.05200 | 100.002.028.05200 |
| xerox | altalink_c8070_firmware | < 100.003.028.05200 | 100.003.028.05200 |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-01-03
Published