{"id": "CVE-2018-20768", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-02-10T17:29:00.293", "references": [{"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file."}, {"lang": "es", "value": "Se ha descubierto un problema en los dispositivos Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836 y EC7856 en versiones anteriores a la R18-05 073.xxx.0487.15000. Un atacante puede ejecutar c\u00f3digo PHP aprovechando un archivo que puede ser escrito."}], "lastModified": "2019-02-13T14:16:11.693", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_3655i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A19352F1-8C33-4527-A746-9E10B9E24EAB", "versionEndExcluding": "073.060.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_3655i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "49DC396F-28EC-4B73-A471-CD3539A746A7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_3655_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B24AF28-BD13-4D9E-9FAE-200E68CD503C", "versionEndExcluding": "073.060.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_3655:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C9548A64-CBFA-4562-ACCF-DC9BA10B4FC8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5890i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A34DD450-95E0-4C71-A508-569F0CC41639", "versionEndExcluding": "073.190.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5890i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "231A161C-223D-4253-B865-7C13D346ADD7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5865i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "061430DE-FC6E-43EF-A9DE-6F5F54F8B5FA", "versionEndExcluding": "073.190.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5865i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C19D2E4-7D96-4261-AC03-925CE75E63CE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5875i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B3F7482-F19F-4FFC-AE2D-B72D230E0869", "versionEndExcluding": "073.190.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5875i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AC484664-F7BE-41E5-A323-6093F9F25F6D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5845_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDF58A59-2FA4-4526-845C-05E304635DA6", "versionEndExcluding": "073.190.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5845:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1DC3F825-CDCA-4DE9-89B6-5B403BDDB09C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5865_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "034A6DA4-DBCF-405A-8D27-2115D8F7A9EC", "versionEndExcluding": "073.190.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5865:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8A860EC8-45B7-41EA-BC20-718AD988B200"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5875_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "551E13CE-AE2F-4F48-9325-89212230EBDD", "versionEndExcluding": "073.190.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5875:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "67800192-D3C8-49CD-8CDC-C4C71CF5155B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5890_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27FE77F4-4E70-45D4-A70C-C1F9BE9FEB10", "versionEndExcluding": "073.190.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5890:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C2D92CC6-64D9-4DE3-BA4B-F9833C8F6462"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5900_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AFB8AE7-0496-4F86-B622-0D6117625A86", "versionEndExcluding": "073.091.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "384D37DE-BC08-4A8E-8E2C-CE84D7E2DEB0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_5900i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4C3C1DF-BA3A-468F-BFF6-2377C32BCD2F", "versionEndExcluding": "073.091.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_5900i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "34C4AEFF-9A88-4DC8-AF5B-ABF95D899514"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_6655_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BF6F45E-2C15-4769-9C2D-AACEDB4CD64E", "versionEndExcluding": "073.110.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_6655:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "24ED495D-E99F-40D1-B651-F39C77E307B2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_6655i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F60633B-F949-4C9B-984D-65C6FEEEDE61", "versionEndExcluding": "073.110.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_6655i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "75BE968D-572B-4E34-9AB5-D2B7779A3582"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7855_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66C4672C-29F0-4869-97C3-65513F129DC6", "versionEndExcluding": "073.040.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7855:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FC95E9A5-0E1A-43AF-87D4-E9C06C780413"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7225_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "460E9A62-7E1A-42B3-81ED-A925D16A58BB", "versionEndExcluding": "073.030.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7225:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD9B953F-7360-4605-A016-E35DB388E73B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7220_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5FB1928-0D1A-44DE-B7A6-3E5151DBE244", "versionEndExcluding": "073.030.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7220:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C1D36448-38F7-4C4B-A66F-8B96F360144C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7220i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "199355B1-D932-41A2-BF37-546A387B5973", "versionEndExcluding": "073.030.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7220i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0F14C764-9AD4-4DD8-A079-9DA31218FFB8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7225i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97E4F006-018D-4B1A-966D-8D1D469A051F", "versionEndExcluding": "073.030.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7225i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BA084943-D663-4848-B788-AA0739BB0912"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7855i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94B19ED3-FECC-4AE9-8A58-219280806BDC", "versionEndExcluding": "073.040.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7855i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D0B5BD6E-7584-405D-A4BB-57FF6C001BB9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7845i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DA87C09-B219-4D4F-98AD-2C8B0ACCB108", "versionEndExcluding": "073.040.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7845i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A1E69D8D-01A5-4484-BD58-502078C8B27B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7835i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "431C0C27-4FCF-482C-AC0C-E52C24D99C6F", "versionEndExcluding": "073.010.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7835i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5E585989-9F6F-496F-A310-DC60236A3A43"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7830i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D6E16DF-C2A4-44AE-B391-47451CB449B0", "versionEndExcluding": "073.010.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7830i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "41CCFB73-5A0D-4617-A5E5-7CDC2480CFF2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7830_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81FE0CF2-25AF-444B-A80A-D71F7205F6E9", "versionEndExcluding": "073.010.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7830:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7372F31A-6EE3-4DB2-89BF-48E2DD45477C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7835_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F646A5CD-67E3-4384-8FBF-2EB8A29F495B", "versionEndExcluding": "073.010.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7835:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "327F1EC4-5FA3-4AFC-B1A0-5E0472BB7893"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7845_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B025C04C-05F5-4338-A839-F9D17B5CB1C9", "versionEndExcluding": "073.040.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7845:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "549583A3-16EF-4FF7-B9F2-50838ADBE3EF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7970_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88C61A74-74F8-469A-AEE3-0B14A4FBCC69", "versionEndExcluding": "073.200.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7970:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BF90B89B-6067-4CCD-BF54-8F0FB6106339"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_7970i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89AED18E-37FC-4DD0-B8DD-AFA170BD61C1", "versionEndExcluding": "073.200.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_7970i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD60A2AE-C2C6-498E-BC3F-6CA55BE1CE96"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_ec7836_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AB3C031-3E05-4BAE-BA8D-41C2D75D0279", "versionEndExcluding": "073.050.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_ec7836:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "857118A6-D5A2-4949-83CF-03E7C5ECFBB6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:workcentre_ec7856_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17460651-5649-4A2C-ACAE-22F2DC686B75", "versionEndExcluding": "073.020.048.15000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre_ec7856:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FE3B6C35-4A03-42C0-9D2A-45E9905283CD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}