{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6333", "assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "state": "PUBLISHED", "assignerShortName": "Xerox", "dateReserved": "2024-06-25T18:31:05.065Z", "datePublished": "2024-10-17T13:51:16.011Z", "dateUpdated": "2024-10-29T05:02:50.054Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AltaLink\u00ae B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807", "vendor": "Xerox", "versions": [{"status": "affected", "version": "103.xxx.024.18600", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Xerox\u00ae EC8036 / EC8056", "vendor": "Xerox", "versions": [{"status": "affected", "version": "103.xxx.024.18600"}]}, {"defaultStatus": "unaffected", "product": "Xerox\u00ae EC8036 / EC8056 - Common Criteria (June 2022)", "vendor": "Xerox", "versions": [{"status": "affected", "version": "103.023.031.35105"}]}, {"defaultStatus": "unaffected", "product": "Xerox\u00ae EC8036 / EC8056 - Common Criteria (June 2024)", "vendor": "Xerox", "versions": [{"status": "affected", "version": "103.xxx.013.14115"}]}, {"defaultStatus": "unaffected", "product": "AltaLink\u00aeC8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria (Aug 2024)", "vendor": "Xerox", "versions": [{"status": "affected", "version": "119.xxx.023.13006"}]}, {"defaultStatus": "unaffected", "product": "AltaLink\u00ae C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria Certified (Aug 2023)", "vendor": "Xerox", "versions": [{"status": "affected", "version": "111.xxx.003.11600"}]}, {"defaultStatus": "unaffected", "product": "VersaLink\u00ae B625 / C625 | B425 / C425 Common Criteria Certified (2024)", "vendor": "Xerox", "versions": [{"status": "affected", "version": "119.xxx.003.11705"}]}, {"defaultStatus": "unaffected", "product": "WorkCentre 3655/3655i", "vendor": "Xerox", "versions": [{"status": "affected", "version": "075.060.004.07810"}]}, {"defaultStatus": "unaffected", "product": "WorkCentre 5945/55i", "vendor": "Xerox", "versions": [{"status": "affected", "version": "075.091.004.07810"}]}, {"defaultStatus": "unaffected", "product": "WorkCentre 6655/6655i", "vendor": "Xerox", "versions": [{"status": "affected", "version": "075.110.004.07810"}]}, {"defaultStatus": "unaffected", "product": "WorkCentre 7220/7225i", "vendor": "Xerox", "versions": [{"status": "affected", "version": "075.030.004.07810"}]}, {"defaultStatus": "unaffected", "product": "WorkCentre 7830/7835i", "vendor": "Xerox", "versions": [{"status": "affected", "version": "075.010 004.07810"}]}, {"defaultStatus": "unaffected", "product": "WorkCentre 7845/7855i", "vendor": "Xerox", "versions": [{"status": "affected", "version": "075.040.004.07810"}]}, {"defaultStatus": "unaffected", "product": "WorkCentre 7845/7855 (IBG)", "vendor": "Xerox", "versions": [{"status": "affected", "version": "075.080.004.07810"}]}, {"defaultStatus": "unaffected", "product": "WorkCentre 7970/7970i", "vendor": "Xerox", "versions": [{"status": "affected", "version": "075.200.004.07810"}]}, {"defaultStatus": "unaffected", "product": "WorkCentre EC7836", "vendor": "Xerox", "versions": [{"status": "affected", "version": "075.050.004.07810"}]}, {"defaultStatus": "unaffected", "product": "WorkCentre EC7856", "vendor": "Xerox", "versions": [{"status": "affected", "version": "075.020.004.07810"}]}], "datePublic": "2024-10-16T13:46:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products."}], "value": "Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products."}], "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "shortName": "Xerox", "dateUpdated": "2024-10-17T14:02:06.662Z"}, "references": [{"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "xerox", "product": "altalink_firmware", "cpes": ["cpe:2.3:o:xerox:altalink_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "103.xxx.024.18600", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "119.xxx.023.13006", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "111.xxx.003.11600", "versionType": "custom"}]}, {"vendor": "xerox", "product": "versalink_firmware", "cpes": ["cpe:2.3:o:xerox:versalink_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "119.xxx.003.11705", "versionType": "custom"}]}, {"vendor": "xerox", "product": "workcentre_firmware", "cpes": ["cpe:2.3:o:xerox:workcentre_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "075.060.004.07810", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "075.091.004.07810", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "075.110.004.07810", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "075.030.004.07810", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "075.010 004.07810", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "075.040.004.07810", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "075.080.004.07810", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "075.200.004.07810", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "075.050.004.07810", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "075.020.004.07810", "versionType": "custom"}]}, {"vendor": "xerox", "product": "xerox_firmware", "cpes": ["cpe:2.3:o:xerox:xerox_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "103.xxx.024.18600", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "103.023.031.35105", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "103.xxx.013.14115", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-25T18:32:51.988456Z", "id": "CVE-2024-6333", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T19:19:55.218Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2024/Oct/17"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-29T05:02:50.054Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2024/Oct/17"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-29T05:02:50.054Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6333", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-25T18:32:51.988456Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:xerox:altalink_firmware:*:*:*:*:*:*:*:*"], "vendor": "xerox", "product": "altalink_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "103.xxx.024.18600", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "119.xxx.023.13006", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "111.xxx.003.11600", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:xerox:versalink_firmware:*:*:*:*:*:*:*:*"], "vendor": "xerox", "product": "versalink_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "119.xxx.003.11705", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:xerox:workcentre_firmware:*:*:*:*:*:*:*:*"], "vendor": "xerox", "product": "workcentre_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "075.060.004.07810", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "075.091.004.07810", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "075.110.004.07810", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "075.030.004.07810", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "075.010 004.07810", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "075.040.004.07810", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "075.080.004.07810", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "075.200.004.07810", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "075.050.004.07810", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "075.020.004.07810", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:xerox:xerox_firmware:*:*:*:*:*:*:*:*"], "vendor": "xerox", "product": "xerox_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "103.xxx.024.18600", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "103.023.031.35105", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "103.xxx.013.14115", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T19:07:14.743Z"}}], "cna": {"title": "Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Xerox", "product": "AltaLink\u00ae B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807", "versions": [{"status": "affected", "version": "103.xxx.024.18600", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "Xerox\u00ae EC8036 / EC8056", "versions": [{"status": "affected", "version": "103.xxx.024.18600"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "Xerox\u00ae EC8036 / EC8056 - Common Criteria (June 2022)", "versions": [{"status": "affected", "version": "103.023.031.35105"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "Xerox\u00ae EC8036 / EC8056 - Common Criteria (June 2024)", "versions": [{"status": "affected", "version": "103.xxx.013.14115"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "AltaLink\u00aeC8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria (Aug 2024)", "versions": [{"status": "affected", "version": "119.xxx.023.13006"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "AltaLink\u00ae C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria Certified (Aug 2023)", "versions": [{"status": "affected", "version": "111.xxx.003.11600"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "VersaLink\u00ae B625 / C625 | B425 / C425 Common Criteria Certified (2024)", "versions": [{"status": "affected", "version": "119.xxx.003.11705"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "WorkCentre 3655/3655i", "versions": [{"status": "affected", "version": "075.060.004.07810"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "WorkCentre 5945/55i", "versions": [{"status": "affected", "version": "075.091.004.07810"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "WorkCentre 6655/6655i", "versions": [{"status": "affected", "version": "075.110.004.07810"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "WorkCentre 7220/7225i", "versions": [{"status": "affected", "version": "075.030.004.07810"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "WorkCentre 7830/7835i", "versions": [{"status": "affected", "version": "075.010 004.07810"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "WorkCentre 7845/7855i", "versions": [{"status": "affected", "version": "075.040.004.07810"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "WorkCentre 7845/7855 (IBG)", "versions": [{"status": "affected", "version": "075.080.004.07810"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "WorkCentre 7970/7970i", "versions": [{"status": "affected", "version": "075.200.004.07810"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "WorkCentre EC7836", "versions": [{"status": "affected", "version": "075.050.004.07810"}], "defaultStatus": "unaffected"}, {"vendor": "Xerox", "product": "WorkCentre EC7856", "versions": [{"status": "affected", "version": "075.020.004.07810"}], "defaultStatus": "unaffected"}], "datePublic": "2024-10-16T13:46:00.000Z", "references": [{"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.", "supportingMedia": [{"type": "text/html", "value": "Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "shortName": "Xerox", "dateUpdated": "2024-10-17T14:02:06.662Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6333", "state": "PUBLISHED", "dateUpdated": "2024-10-29T05:02:50.054Z", "dateReserved": "2024-06-25T18:31:05.065Z", "assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "datePublished": "2024-10-17T13:51:16.011Z", "assignerShortName": "Xerox"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products."}, {"lang": "es", "value": "Ejecuci\u00f3n remota de c\u00f3digo autenticada en Altalink, Versalink & WorkCentre Products. "}], "id": "CVE-2024-6333", "lastModified": "2024-11-21T09:49:27.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "10b61619-3869-496c-8a1e-f291b0e71e3f", "type": "Secondary"}]}, "published": "2024-10-17T14:15:14.287", "references": [{"source": "10b61619-3869-496c-8a1e-f291b0e71e3f", "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2024/Oct/17"}], "sourceIdentifier": "10b61619-3869-496c-8a1e-f291b0e71e3f", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-77"}], "source": "10b61619-3869-496c-8a1e-f291b0e71e3f", "type": "Secondary"}]}

{}