CVE-2018-20770 Information

Feb 14, 2021 cve

Description

An issue was discovered on Xerox WorkCentre 3655 3655i 58XX 58XXi 59XX 59XXi 6655 6655i 72XX 72XXi 78XX 78XXi 7970 7970i EC7836 and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8

Share on: