A vulnerability, which was classified as critical, was found in Xerox Phaser 3320 V53.006.16.000. This affects some unknown functionality of the component HTTP Header Handler. The manipulation as part of a Content-Type leads to a buffer overflow vulnerability. CWE is classifying the issue as CWE-120. The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device.

The weakness was published 03/13/2020. This vulnerability is uniquely identified as CVE-2019-13169 since 07/02/2019. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 03/14/2020).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entries are available at 151548, 151547, 151546 and 151544.

Productinfo

Vendor

• Xerox

Name

• Phaser 3320

Version

• V53.006.16.000

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion