CVE-2019-10880

Published Apr 12, 2019

Last updated 5 years ago

CVSS critical 9.8

Overview

Description: Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.
Source: cert@airbus.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-78
cert@airbus.com: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:xerox:colorqube_8700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2764BB3A-9201-49C4-9774-C8906FE14741"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:xerox:colorqube_8700_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2CDCD57-1A53-41C3-AE50-4EFAD1F8E636",
            "versionEndExcluding": "072.161.009.07200"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:xerox:colorqube_8900:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "59018173-83A8-4389-8AE2-BB987144C1A5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:xerox:colorqube_8900_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FB5A103-83B9-4684-9B11-04C9A9001354",
            "versionEndExcluding": "072.161.009.07200"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:xerox:colorqube_9301:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "99B41C5B-0045-49E8-B34D-67FD42449B44"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:xerox:colorqube_9301_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E24AA3BC-06CC-4D61-9A43-939B6289F7C4",
            "versionEndExcluding": "072.180.009.07200"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:xerox:colorqube_9302:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A20F7D5C-7187-40E3-8C3F-3F70729AF2CE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:xerox:colorqube_9302_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "727615E8-7289-4B06-89C2-3B9D0597C8D9",
            "versionEndExcluding": "072.180.009.07200"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:xerox:colorqube_9303:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "847E973A-3C1A-4969-B6BD-E56CC49BC7AD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:xerox:colorqube_9303_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58960946-14EF-4FDB-9735-C0B1060384C9",
            "versionEndExcluding": "072.180.009.07200"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References