CVE-2018-20771

CRITICAL

Xerox WorkCentre 3655/3655i/58XX/58XXi/59XX/59XXi - Unauthenticated Remote Command Execution

Title source: llm
STIX 2.1

Description

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution.

Scores

CVSS v3 9.8
EPSS 0.0308
EPSS Percentile 86.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (29)
xerox/workcentre_3655_firmware < 073.060.048.15000
xerox/workcentre_3655i_firmware < 073.060.048.15000
xerox/workcentre_5845_firmware < 073.190.048.15000
xerox/workcentre_5865_firmware < 073.190.048.15000
xerox/workcentre_5865i_firmware < 073.190.048.15000
xerox/workcentre_5875_firmware < 073.190.048.15000
xerox/workcentre_5875i_firmware < 073.190.048.15000
xerox/workcentre_5890_firmware < 073.190.048.15000
xerox/workcentre_5890i_firmware < 073.190.048.15000
xerox/workcentre_5900_firmware < 073.091.048.15000
... and 19 more
Published Feb 10, 2019
Tracked Since Feb 18, 2026