ID

VAR-202003-0916


CVE

CVE-2019-13166


TITLE

Inadequate protection of credentials vulnerability in multiple Xerox printers

Trust: 0.8

sources: JVNDB: JVNDB-2019-014944

DESCRIPTION

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks. Multiple Xerox printers are vulnerable to inadequate protection of credentials. Information may be obtained. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black-and-white and color digital printers have high performance and high quality.

Trust: 2.25

sources: NVD: CVE-2019-13166 // JVNDB: JVNDB-2019-014944 // CNVD: CNVD-2020-19217 // VULMON: CVE-2019-13166

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-19217

AFFECTED PRODUCTS

vendor: xerox, model: phaser 3320, scope: eq, version: v53.006.16.000

Trust: 1.0

vendor: xerox, model: phaser 3320, scope: -, version: -

Trust: 0.8

vendor: fuji, model: xerox phaser, scope: eq, version: 3320v53.006.16.000

Trust: 0.6

sources: CNVD: CNVD-2020-19217 // JVNDB: JVNDB-2019-014944 // NVD: CVE-2019-13166

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13166
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014944
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-19217
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-871
value: HIGH

Trust: 0.6

VULMON: CVE-2019-13166
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-13166
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-014944
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19217
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-13166
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014944
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-19217 // VULMON: CVE-2019-13166 // JVNDB: JVNDB-2019-014944 // CNNVD: CNNVD-202003-871 // NVD: CVE-2019-13166

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.0

problemtype:CWE-522

Trust: 0.8

sources: JVNDB: JVNDB-2019-014944 // NVD: CVE-2019-13166

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-871

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-871

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014944

PATCH

title: Xerox Security Information, Bulletins and Advisory Responses
url: https://security.business.xerox.com/

Trust: 0.8

title: Patch for Fuji Xerox printers have unknown vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/210747

Trust: 0.6

title: Xerox Phaser 3320 Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112346

Trust: 0.6

sources: CNVD: CNVD-2020-19217 // JVNDB: JVNDB-2019-014944 // CNNVD: CNNVD-202003-871

EXTERNAL IDS

db: NVD, id: CVE-2019-13166

Trust: 3.1

db: JVNDB, id: JVNDB-2019-014944

Trust: 0.8

db: CNVD, id: CNVD-2020-19217

Trust: 0.6

db: CNNVD, id: CNNVD-202003-871

Trust: 0.6

db: VULMON, id: CVE-2019-13166

Trust: 0.1

sources: CNVD: CNVD-2020-19217 // VULMON: CVE-2019-13166 // JVNDB: JVNDB-2019-014944 // CNNVD: CNNVD-202003-871 // NVD: CVE-2019-13166

REFERENCES

url:https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-13166

Trust: 2.0

url:https://security.business.xerox.com/

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13166

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/307.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-19217 // VULMON: CVE-2019-13166 // JVNDB: JVNDB-2019-014944 // CNNVD: CNNVD-202003-871 // NVD: CVE-2019-13166

SOURCES

db: CNVD, id: CNVD-2020-19217
db: VULMON, id: CVE-2019-13166
db: JVNDB, id: JVNDB-2019-014944
db: CNNVD, id: CNNVD-202003-871
db: NVD, id: CVE-2019-13166

LAST UPDATE DATE

2024-11-23T22:48:07.324000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-19217, date: 2020-03-25T00:00:00
db: VULMON, id: CVE-2019-13166, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-014944, date: 2020-03-30T00:00:00
db: CNNVD, id: CNNVD-202003-871, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-13166, date: 2024-11-21T04:24:20.360

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-19217, date: 2020-03-25T00:00:00
db: VULMON, id: CVE-2019-13166, date: 2020-03-13T00:00:00
db: JVNDB, id: JVNDB-2019-014944, date: 2020-03-30T00:00:00
db: CNNVD, id: CNNVD-202003-871, date: 2020-03-13T00:00:00
db: NVD, id: CVE-2019-13166, date: 2020-03-13T19:15:14.587