A vulnerability, which was classified as critical, has been found in Xerox Phaser 3320 V53.006.16.000. Affected by this issue is an unknown functionality of the component IPP Service. The manipulation as part of a Attribute leads to a buffer overflow vulnerability. Using CWE to declare the problem leads to CWE-120. The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Impacted is confidentiality, integrity, and availability. CVE summarizes:

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device.

The weakness was shared 03/13/2020. This vulnerability is handled as CVE-2019-13168 since 07/02/2019. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries VDB-151548, VDB-151547, VDB-151546 and VDB-151545 are related to this item. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• Xerox

Name

• Phaser 3320

Version

• V53.006.16.000

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion