ID
VAR-202003-0921
CVE
CVE-2019-13171
TITLE
plural Xerox Out-of-bounds write vulnerabilities in printers
Trust: 0.8
DESCRIPTION
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly. plural Xerox The printer contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | xerox | model: | phaser 3320 | scope: | eq | version: | v53.006.16.000 | Trust: 1.0 |
| vendor: | xerox | model: | phaser 3320 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | fuji | model: | xerox phaser | scope: | eq | version: | 3320v53.006.16.000 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-787 | Trust: 1.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
buffer error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Xerox Security Information, Bulletins and Advisory Responses | url: | https://security.business.xerox.com/ | Trust: 0.8 |
| title: | Patch for Fuji Xerox printers buffer overflow vulnerability (CNVD-2020-19214) | url: | https://www.cnvd.org.cn/patchInfo/show/210737 | Trust: 0.6 |
| title: | Xerox Phaser 3320 Buffer error vulnerability fix | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112073 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-13171 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2019-014941 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2020-19214 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202003-852 | Trust: 0.6 |
REFERENCES
| url: | https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/ | Trust: 2.4 |
| url: | https://security.business.xerox.com/ | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-13171 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13171 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-13169 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2020-19214 |
| db: | JVNDB | id: | JVNDB-2019-014941 |
| db: | CNNVD | id: | CNNVD-202003-852 |
| db: | NVD | id: | CVE-2019-13171 |
LAST UPDATE DATE
2024-11-23T21:59:23.415000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-19214 | date: | 2020-03-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-014941 | date: | 2020-03-30T00:00:00 |
| db: | CNNVD | id: | CNNVD-202003-852 | date: | 2020-04-02T00:00:00 |
| db: | NVD | id: | CVE-2019-13171 | date: | 2024-11-21T04:24:21.120 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2020-19214 | date: | 2020-03-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-014941 | date: | 2020-03-30T00:00:00 |
| db: | CNNVD | id: | CNNVD-202003-852 | date: | 2020-03-13T00:00:00 |
| db: | NVD | id: | CVE-2019-13171 | date: | 2020-03-13T19:15:15.277 |