cbcvebase.
CVE-2019-18630
published 2021-03-04

CVE-2019-18630: On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200…

PriorityP336high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.68%
47.7th percentile
On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure.

Affected

10 ranges
VendorProductVersion rangeFixed in
xeroxaltalink_b8045_firmware< 103.008.010.14010103.008.010.14010
xeroxaltalink_b8055_firmware< 103.008.010.14010103.008.010.14010
xeroxaltalink_b8065_firmware< 103.008.010.14010103.008.010.14010
xeroxaltalink_b8075_firmware< 103.008.010.14010103.008.010.14010
xeroxaltalink_b8090_firmware< 103.008.010.14010103.008.010.14010
xeroxaltalink_c8030_firmware< 103.001.010.14010103.001.010.14010
xeroxaltalink_c8035_firmware< 103.001.010.14010103.001.010.14010
xeroxaltalink_c8045_firmware< 103.002.010.14010103.002.010.14010
xeroxaltalink_c8055_firmware< 103.002.010.14010103.002.010.14010
xeroxaltalink_c8070_firmware< 103.003.010.14010103.003.010.14010

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.