CVE-2022-23968
Published Jan 26, 2022
Last updated 3 years ago
Overview
- Description
- Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue."
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-835
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:o:xerox:versalink_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DC96F0E-C543-4E21-8C17-D45E3253F67D", "versionEndIncluding": "42.01" },
          { "criteria": "cpe:2.3:o:xerox:versalink_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BD42729-E413-4251-9D48-149262FD345A", "versionEndIncluding": "50.61", "versionStartIncluding": "50.00" }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:h:xerox:versalink_b400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F6371B2E-7D30-4EE1-BA02-C80BAD217C80" },
          { "criteria": "cpe:2.3:h:xerox:versalink_b405:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5919C7E6-3005-4737-AAD3-A6531C605DC5" },
          { "criteria": "cpe:2.3:h:xerox:versalink_b600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2C631EF-0AA0-4D06-868D-099862B5550A" },
          { "criteria": "cpe:2.3:h:xerox:versalink_b610:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1980B9F3-19AB-4815-8452-AE42821263ED" },
          { "criteria": "cpe:2.3:h:xerox:versalink_b7025:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE6EA77E-C999-462B-9605-878940771608" },
          { "criteria": "cpe:2.3:h:xerox:versalink_b7030:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F9FB9A38-795D-4D74-A1E9-CEBAC7502D1C" },
          { "criteria": "cpe:2.3:h:xerox:versalink_b7035:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE9FF2BE-5998-4795-8237-9111D47B7C18" },
          { "criteria": "cpe:2.3:h:xerox:versalink_c400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0332FC06-B7B4-49CB-BACC-DEF2A8EEE0F7" },
          { "criteria": "cpe:2.3:h:xerox:versalink_c405:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D7B6C70-5272-47B2-BC5F-B1F9DFCA7C42" },
          { "criteria": "cpe:2.3:h:xerox:versalink_c500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "053A2DDD-5314-455D-8793-ADA8CEEDF7F7" },
          { "criteria": "cpe:2.3:h:xerox:versalink_c505:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "43A83540-B071-4EE3-A98D-1BEE3C8FD3E5" },
          { "criteria": "cpe:2.3:h:xerox:versalink_c600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4DCD5A6F-DF0C-4C82-88BA-7CC5FE1EED2C" },
          { "criteria": "cpe:2.3:h:xerox:versalink_c605:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "73BF6B1C-15E4-4C01-A571-1E6FB737ECAA" },
          { "criteria": "cpe:2.3:h:xerox:versalink_c7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3A937272-E36B-420D-8407-D44C78ACEC65" },
          { "criteria": "cpe:2.3:h:xerox:versalink_c7020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2112B6B-C983-4323-AAE5-364272C2C070" },
          { "criteria": "cpe:2.3:h:xerox:versalink_c7025:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3812A4B0-D2DA-4180-9AC8-FF547A501C0C" },
          { "criteria": "cpe:2.3:h:xerox:versalink_c7030:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BBD3D52F-B865-4217-8CF0-ACEABDB68378" },
          { "criteria": "cpe:2.3:h:xerox:versalink_c8000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EE1A0557-4A74-45F7-8B98-447454BF8A58" },
          { "criteria": "cpe:2.3:h:xerox:versalink_c8000w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "955EEB44-F267-4463-A7D0-462664EC0C85" },
          { "criteria": "cpe:2.3:h:xerox:versalink_c9000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4297DF3C-E132-4300-B891-9732EE003C3D" }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]