CVE-2018-17172
CRITICALXerox AltaLink <100.008.028.05200 - Command Injection
Title source: llmDescription
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://securitydocs.business.xerox.com/wp-content/uploads/2018/12/cert_Security_Mini_Bulletin_XRX18AL_for_ALB80xx-C80xx_v1.1.pdf
Scores
CVSS v3
9.8
EPSS
0.0195
EPSS Percentile
77.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (10)
xerox/altalink_b8045_firmware
< 100.008.028.05200
xerox/altalink_b8055_firmware
< 100.008.028.05200
xerox/altalink_b8065_firmware
< 100.008.028.05200
xerox/altalink_b8075_firmware
< 100.008.028.05200
xerox/altalink_b8090_firmware
< 100.008.028.05200
xerox/altalink_c8030_firmware
< 100.001.028.05200
xerox/altalink_c8035_firmware
< 100.001.028.05200
xerox/altalink_c8045_firmware
< 100.002.028.05200
xerox/altalink_c8055_firmware
< 100.002.028.05200
xerox/altalink_c8070_firmware
< 100.003.028.05200
Published
Jan 03, 2019
Tracked Since
Feb 18, 2026