CVE-2022-23968

Published Jan 26, 2022

Last updated 3 months ago

CVSS high 7.5

Overview

Description: Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue."
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-835

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:xerox:versalink_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DC96F0E-C543-4E21-8C17-D45E3253F67D",
            "versionEndIncluding": "42.01"
          },
          {
            "criteria": "cpe:2.3:o:xerox:versalink_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BD42729-E413-4251-9D48-149262FD345A",
            "versionEndIncluding": "50.61",
            "versionStartIncluding": "50.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:xerox:versalink_b400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F6371B2E-7D30-4EE1-BA02-C80BAD217C80"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_b405:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5919C7E6-3005-4737-AAD3-A6531C605DC5"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_b600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2C631EF-0AA0-4D06-868D-099862B5550A"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_b610:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1980B9F3-19AB-4815-8452-AE42821263ED"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_b7025:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AE6EA77E-C999-462B-9605-878940771608"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_b7030:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F9FB9A38-795D-4D74-A1E9-CEBAC7502D1C"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_b7035:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AE9FF2BE-5998-4795-8237-9111D47B7C18"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_c400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0332FC06-B7B4-49CB-BACC-DEF2A8EEE0F7"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_c405:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5D7B6C70-5272-47B2-BC5F-B1F9DFCA7C42"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_c500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "053A2DDD-5314-455D-8793-ADA8CEEDF7F7"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_c505:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "43A83540-B071-4EE3-A98D-1BEE3C8FD3E5"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_c600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4DCD5A6F-DF0C-4C82-88BA-7CC5FE1EED2C"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_c605:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "73BF6B1C-15E4-4C01-A571-1E6FB737ECAA"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_c7000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3A937272-E36B-420D-8407-D44C78ACEC65"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_c7020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2112B6B-C983-4323-AAE5-364272C2C070"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_c7025:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3812A4B0-D2DA-4180-9AC8-FF547A501C0C"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_c7030:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BBD3D52F-B865-4217-8CF0-ACEABDB68378"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_c8000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EE1A0557-4A74-45F7-8B98-447454BF8A58"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_c8000w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "955EEB44-F267-4463-A7D0-462664EC0C85"
          },
          {
            "criteria": "cpe:2.3:h:xerox:versalink_c9000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4297DF3C-E132-4300-B891-9732EE003C3D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References