CVE-2019-10880
Published Apr 12, 2019
Last updated 5 years ago
Overview
- Description
- Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.
- Source
- cert@airbus.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:colorqube_8700:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2764BB3A-9201-49C4-9774-C8906FE14741"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:colorqube_8700_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2CDCD57-1A53-41C3-AE50-4EFAD1F8E636",
"versionEndExcluding": "072.161.009.07200"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:colorqube_8900:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "59018173-83A8-4389-8AE2-BB987144C1A5"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:colorqube_8900_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1FB5A103-83B9-4684-9B11-04C9A9001354",
"versionEndExcluding": "072.161.009.07200"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:colorqube_9301:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "99B41C5B-0045-49E8-B34D-67FD42449B44"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:colorqube_9301_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E24AA3BC-06CC-4D61-9A43-939B6289F7C4",
"versionEndExcluding": "072.180.009.07200"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:colorqube_9302:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A20F7D5C-7187-40E3-8C3F-3F70729AF2CE"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:colorqube_9302_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "727615E8-7289-4B06-89C2-3B9D0597C8D9",
"versionEndExcluding": "072.180.009.07200"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xerox:colorqube_9303:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "847E973A-3C1A-4969-B6BD-E56CC49BC7AD"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xerox:colorqube_9303_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58960946-14EF-4FDB-9735-C0B1060384C9",
"versionEndExcluding": "072.180.009.07200"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]