CVE-2020-9330
Published 2020-02-21
Priority: P3 | 51 | high | 8.8 CVSS 3.1
Vector metrics: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.07% (60.6th percentile)
Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the LDAP connection IP address to a system owned by the actor without knowledge of the LDAP bind credentials. After changing the LDAP connection IP address, subsequent authentication attempts will result in the printer sending plaintext LDAP (Active Directory) credentials to the actor. Although the credentials may belong to a non-privileged user, organizations frequently use privileged service accounts to bind to Active Directory. The attacker gains a foothold on the Active Directory domain at a minimum, and may use the credentials to take over control of the Active Directory domain. This affects 3655*, 3655i*, 58XX*, 58XXi*, 59XX*, 59XXi*, 6655**, 6655i**, 72XX*, 72XXi*, 78XX**, 78XXi**, 7970**, 7970i**, EC7836**, and EC7856** devices.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xerox | workcentre_3655_firmware | < 073.060.000.02300 | 073.060.000.02300 |
| xerox | workcentre_3655i_firmware | < 073.060.000.02300 | 073.060.000.02300 |
| xerox | workcentre_5845_firmware | < 073.190.000.02300 | 073.190.000.02300 |
| xerox | workcentre_5855_firmware | < 073.190.000.02300 | 073.190.000.02300 |
| xerox | workcentre_5945_firmware | < 073.091.000.02300 | 073.091.000.02300 |
| xerox | workcentre_5955_firmware | < 073.091.000.02300 | 073.091.000.02300 |
| xerox | workcentre_6655_firmware | < 073.110.000.02300 | 073.110.000.02300 |
| xerox | workcentre_6655i_firmware | < 073.110.000.02300 | 073.110.000.02300 |
| xerox | workcentre_7220_firmware | < 073.030.000.02300 | 073.030.000.02300 |
| xerox | workcentre_7225_firmware | < 073.030.000.02300 | 073.030.000.02300 |
| xerox | workcentre_7830_firmware | < 073.010.000.02300 | 073.010.000.02300 |
| xerox | workcentre_7835_firmware | < 073.010.000.02300 | 073.010.000.02300 |
| xerox | workcentre_7845_firmware | < 073.010.000.02300 | 073.010.000.02300 |
| xerox | workcentre_7855_firmware | < 073.010.000.02300 | 073.010.000.02300 |
| xerox | workcentre_7970_firmware | < 073.200.000.02300 | 073.200.000.02300 |
| xerox | workcentre_7970i_firmware | < 073.200.000.02300 | 073.200.000.02300 |
| xerox | workcentre_ec7836_firmware | < 073.050.000.02300 | 073.050.000.02300 |
| xerox | workcentre_ec7856_firmware | < 073.020.000.02300 | 073.020.000.02300 |
CVSS provenance
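| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |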
- https://securitydocs.business.xerox.com/wp-content/uploads/2020/02/cert_Security_Mini_Bulletin_XRX20D_for_ConnectKey.pdf
- https://www.securicon.com/hackers-can-gain-active-directory-privileges-through-new-vulnerability-in-xerox-printers/