A vulnerability was found in Xerox Phaser 3320 V53.006.16.000 and classified as problematic. This issue affects the function memcpy of the component Google Cloud Print. The manipulation as part of a Parameter leads to a out-of-bounds write vulnerability. Using CWE to declare the problem leads to CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly.

The weakness was disclosed 03/13/2020. The identification of this vulnerability is CVE-2019-13171 since 07/02/2019. Attacking locally is a requirement. No form of authentication is needed for a successful exploitation. Technical details of the vulnerability are known, but there is no available exploit.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries 151548, 151546, 151545 and 151544 are pretty similar.

Productinfo

Vendor

• Xerox

Name

• Phaser 3320

Version

• V53.006.16.000

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion