CVE-2018-20767

HIGH

Xerox WorkCentre Multiple Models < R18-05 073.xxx.0487.15000 - Authenticated RCE

Title source: llm
STIX 2.1

Description

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution.

Scores

CVSS v3 8.8
EPSS 0.0224
EPSS Percentile 80.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (29)
xerox/workcentre_3655_firmware < 073.060.048.15000
xerox/workcentre_3655i_firmware < 073.060.048.15000
xerox/workcentre_5845_firmware < 073.190.048.15000
xerox/workcentre_5865_firmware < 073.190.048.15000
xerox/workcentre_5865i_firmware < 073.190.048.15000
xerox/workcentre_5875_firmware < 073.190.048.15000
xerox/workcentre_5875i_firmware < 073.190.048.15000
xerox/workcentre_5890_firmware < 073.190.048.15000
xerox/workcentre_5890i_firmware < 073.190.048.15000
xerox/workcentre_5900_firmware < 073.091.048.15000
... and 19 more
Published Feb 10, 2019
Tracked Since Feb 18, 2026