cbcvebase.
CVE-2019-10881
published 2021-04-13

CVE-2019-10881: Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with…

PriorityP353critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.99%
58.0th percentile
Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.

Affected

28 ranges· showing 25
VendorProductVersion rangeFixed in
xeroxaltalink_b8045_b8055_b8065_b8075_b8090
xeroxaltalink_b8045_firmware< 103.008.010.14010103.008.010.14010
xeroxaltalink_b8055_firmware< 103.008.010.14010103.008.010.14010
xeroxaltalink_b8065_firmware< 103.008.010.14010103.008.010.14010
xeroxaltalink_b8075_firmware< 103.008.010.14010103.008.010.14010
xeroxaltalink_b8090_firmware< 103.008.010.14010103.008.010.14010
xeroxaltalink_c8030_c8035_c8045_c8055_c8070
xeroxaltalink_c8030_firmware< 103.001.010.14010103.001.010.14010
xeroxaltalink_c8035_firmware< 103.001.010.14010103.001.010.14010
xeroxaltalink_c8045_firmware< 103.002.010.14010103.002.010.14010
xeroxaltalink_c8055_firmware< 103.002.010.14010103.002.010.14010
xeroxaltalink_c8070_firmware< 103.003.010.14010103.003.010.14010
xeroxcolorqube_8700_8900
xeroxcolorqube_9301_9302_9303
xeroxphaser_6700
xeroxphaser_7800
xeroxworkcentre_3655
xeroxworkcentre_5735_5740_5745_5755_5765_5775_5790
xeroxworkcentre_5845_5855_5865_5875_5890
xeroxworkcentre_5945_5955
xeroxworkcentre_6400
xeroxworkcentre_6655
xeroxworkcentre_7220_7225
xeroxworkcentre_7525_7530_7535_7545_7556
xeroxworkcentre_7755_7765_7775

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.4CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.