Xerox Phaser 3320 V53.006.16.000 Google Cloud Print memcpy Parameter out-of-bounds write
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.8 | $0-$5k | 0.00 |
Summary
A vulnerability marked as problematic has been reported in Xerox Phaser 3320 V53.006.16.000. Affected by this vulnerability is the function memcpy of the component Google Cloud Print. The manipulation as part of Parameter leads to out-of-bounds write.
This vulnerability is uniquely identified as CVE-2019-13171. Local access is required to approach this attack. No exploit exists.
Details
A vulnerability was found in Xerox Phaser 3320 V53.006.16.000 and classified as problematic. This issue affects the function memcpy of the component Google Cloud Print. The manipulation as part of a Parameter leads to a out-of-bounds write vulnerability. Using CWE to declare the problem leads to CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly.
The weakness was disclosed 03/13/2020. The identification of this vulnerability is CVE-2019-13171 since 07/02/2019. Attacking locally is a requirement. No form of authentication is needed for a successful exploitation. Technical details of the vulnerability are known, but there is no available exploit.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The entries VDB-151548, VDB-151546, VDB-151545 and VDB-151544 are pretty similar. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.xerox.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.9VulDB Meta Temp Score: 7.9
VulDB Base Score: 5.9
VulDB Temp Score: 5.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 9.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Out-of-bounds writeCWE: CWE-787 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
07/02/2019 🔍03/13/2020 🔍
03/14/2020 🔍
04/16/2024 🔍
Sources
Vendor: xerox.comAdvisory: security.business.xerox.com
Status: Not defined
CVE: CVE-2019-13171 (🔍)
GCVE (CVE): GCVE-0-2019-13171
GCVE (VulDB): GCVE-100-151547
See also: 🔍
Entry
Created: 03/14/2020 07:14Updated: 04/16/2024 08:48
Changes: 03/14/2020 07:14 (38), 03/14/2020 07:19 (17), 04/16/2024 08:48 (17)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.