CVE-2016-11061

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-11061
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://securitydocs.business.xerox.com/wp-content/uploads/2016/10/cert_Mini_Security_Bulletin_XRX16Q_for_ConnectKey_R16-05_v1-1-2.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:xerox:workcentre_3655_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_3655:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:xerox:workcentre_3655i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_3655i:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:xerox:workcentre_5865_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_5865:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:xerox:workcentre_5875_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_5875:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:xerox:workcentre_5890_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_5890:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:xerox:workcentre_5865i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_5865i:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:xerox:workcentre_5875i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_5875i:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:xerox:workcentre_5890i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_5890i:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:xerox:workcentre_5945_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_5945:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:xerox:workcentre_5955_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_5955:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:xerox:workcentre_5945i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_5945i:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:xerox:workcentre_5955i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_5955i:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:xerox:workcentre_6655_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_6655:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:xerox:workcentre_6655i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_6655i:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:xerox:workcentre_7200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_7200:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:xerox:workcentre_7200i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_7200i:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:xerox:workcentre_7225i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_7225i:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:xerox:workcentre_7830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_7830:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:xerox:workcentre_7835_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_7835:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:xerox:workcentre_7845_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_7845:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:xerox:workcentre_7855_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_7855:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:xerox:workcentre_7970_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_7970:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:xerox:workcentre_7970i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_7970i:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:xerox:workcentre_7225_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_7225:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:xerox:workcentre_7220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:xerox:workcentre_7220:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2020-04-29 22:15

Updated : 2024-02-04 21:00

NVD link : CVE-2016-11061

Mitre link : CVE-2016-11061

CVE.ORG link : CVE-2016-11061

JSON object : View

Products Affected

xerox

  • workcentre_5890_firmware
  • workcentre_5945
  • workcentre_7830_firmware
  • workcentre_7220_firmware
  • workcentre_5875_firmware
  • workcentre_5865i
  • workcentre_5955_firmware
  • workcentre_6655
  • workcentre_3655i
  • workcentre_7845_firmware
  • workcentre_5945i_firmware
  • workcentre_7200_firmware
  • workcentre_7225i
  • workcentre_6655i
  • workcentre_3655_firmware
  • workcentre_7225i_firmware
  • workcentre_7835_firmware
  • workcentre_7225_firmware
  • workcentre_5865
  • workcentre_6655_firmware
  • workcentre_7970i_firmware
  • workcentre_7200i
  • workcentre_7200
  • workcentre_3655
  • workcentre_5875i
  • workcentre_7855
  • workcentre_7970i
  • workcentre_7835
  • workcentre_3655i_firmware
  • workcentre_5945i
  • workcentre_5875
  • workcentre_5865_firmware
  • workcentre_5890i
  • workcentre_7225
  • workcentre_6655i_firmware
  • workcentre_5890i_firmware
  • workcentre_7970
  • workcentre_5865i_firmware
  • workcentre_5955
  • workcentre_7855_firmware
  • workcentre_5955i
  • workcentre_5955i_firmware
  • workcentre_5875i_firmware
  • workcentre_7220
  • workcentre_7845
  • workcentre_5945_firmware
  • workcentre_7830
  • workcentre_5890
  • workcentre_7200i_firmware
  • workcentre_7970_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')