CVE-2024-6333

Improper Input Validation (CWE-20)

Published: Oct 17, 2024 / Updated: 33d ago

CVSS 7.2 / EPSS 0.04% / High

Authenticated Remote Code Execution in AltaLink, VersaLink & WorkCentre Products.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-6333.

Oct 17, 2024 at 2:02 PM / Vulners.com RSS Feed

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 17, 2024 at 2:02 PM

CVE Assignment

NVD published the first details for CVE-2024-6333

Oct 17, 2024 at 2:15 PM

CVSS

A CVSS base score of 7.2 has been assigned.

Oct 17, 2024 at 2:15 PM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 18, 2024 at 11:28 AM

Affected Systems

Xerox/WorkCentre

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

News

Xerox Printers Authenticated Remote Code Execution Vulnerability exploit
Xerox Printers Authenticated Remote Code Execution
Authored by Timo Longin, Tamas Jos. Site: sec-consult.com
Various Xerox printers, such as models EC80xx, AltaLink, VersaLink, and WorkCentre, suffer from an authenticated remote code execution vulnerability.
Xerox Printers Authenticated Remote Code Execution exploit
Xerox Printers Authenticated Remote Code Execution ≈ Packet Storm
SEC Consult Vulnerability Lab Security Advisory
=======================================================================
title: Authenticated Remote Code Execution
product: Multiple Xerox printers (EC80xx, AltaLink, VersaLink, WorkCentre)
vulnerable version: see vulnerable versions below
fixed version: see solution section below
CVE number: CVE-2024-6333
impact: high
homepage: https://xerox.com
found: 2023-12-14
by: Timo Longin (Office Vienna)
    Tamas Jos (Office Zurich)
    SEC Consult Vulnerability Lab
An integrated part of SEC Consult, an Eviden business Europe

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
