Versio.io

CVE-2022-23968

Common vulnerabilities & exposures (CVE)

 
Published at: 26-01-2022 07:15
Last modified: 03-02-2022 04:46
Total changes: 2

Description

Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue."

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack complexity: Low
Attack vector: Network
Availability: High
Confidentiality: None
Integrity: None
Privileges required: None
Scope: Unchanged
User interaction: None
Base score: 7.5
Exploitability score: 3.9
Impact score: 3.6
 

Verification logic

AND
  OR
    vendor=xerox AND product=versalink_firmware AND versionEndIncluding=42.01
    vendor=xerox AND product=versalink_firmware AND versionEndIncluding=50.61 AND versionStartIncluding=50.00
  OR
    vendor=xerox AND product=versalink_b400 AND version=-
    vendor=xerox AND product=versalink_b405 AND version=-
    vendor=xerox AND product=versalink_b600 AND version=-
    vendor=xerox AND product=versalink_b610 AND version=-
    vendor=xerox AND product=versalink_b7025 AND version=-
    vendor=xerox AND product=versalink_b7030 AND version=-
    vendor=xerox AND product=versalink_b7035 AND version=-
    vendor=xerox AND product=versalink_c400 AND version=-
    vendor=xerox AND product=versalink_c405 AND version=-
    vendor=xerox AND product=versalink_c500 AND version=-
    vendor=xerox AND product=versalink_c505 AND version=-
    vendor=xerox AND product=versalink_c600 AND version=-
    vendor=xerox AND product=versalink_c605 AND version=-
    vendor=xerox AND product=versalink_c7000 AND version=-
    vendor=xerox AND product=versalink_c7020 AND version=-
    vendor=xerox AND product=versalink_c7025 AND version=-
    vendor=xerox AND product=versalink_c7030 AND version=-
    vendor=xerox AND product=versalink_c8000 AND version=-
    vendor=xerox AND product=versalink_c8000w AND version=-
    vendor=xerox AND product=versalink_c9000 AND version=-
 
