First published: Wed Apr 29 2020(Updated: )
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Xerox Workcentre 3655 Firmware | <073.060.086.15410 | |
Xerox WorkCentre 3655 | ||
Xerox Workcentre 3655i Firmware | <073.060.086.15410 | |
Xerox Workcentre 3655i | ||
Xerox Workcentre 5865 Firmware | <073.190.086.15410 | |
Xerox Workcentre 5865 | ||
Xerox Workcentre 5875 Firmware | <073.190.086.15410 | |
Xerox Workcentre 5875 | ||
Xerox Workcentre 5890 Firmware | <073.190.086.15410 | |
Xerox Workcentre 5890 | ||
Xerox Workcentre 5865i Firmware | <073.190.086.15410 | |
Xerox Workcentre 5865i | ||
Xerox Workcentre 5875i Firmware | <073.190.086.15410 | |
Xerox Workcentre 5875i | ||
Xerox Workcentre 5890i Firmware | <073.190.086.15410 | |
Xerox Workcentre 5890i | ||
Xerox Workcentre 5945 Firmware | <073.091.086.15410 | |
Xerox Workcentre 5945 | ||
Xerox Workcentre 5955 Firmware | <073.091.086.15410 | |
Xerox Workcentre 5955 | ||
Xerox Workcentre 5945i Firmware | <073.091.086.15410 | |
Xerox Workcentre 5945i | ||
Xerox Workcentre 5955i Firmware | <073.091.086.15410 | |
Xerox Workcentre 5955i | ||
Xerox Workcentre 6655 Firmware | <073.110.086.15410 | |
Xerox Workcentre 6655 | ||
Xerox Workcentre 6655i Firmware | <073.110.086.15410 | |
Xerox Workcentre 6655i | ||
Xerox Workcentre 7200 Firmware | <073.030.086.15410 | |
Xerox Workcentre 7200 | ||
Xerox Workcentre 7200i Firmware | <073.030.086.15410 | |
Xerox Workcentre 7200i | ||
Xerox Workcentre 7225i Firmware | <073.030.086.15410 | |
Xerox Workcentre 7225i | ||
Xerox Workcentre 7830 Firmware | <073.010.086.15410 | |
Xerox Workcentre 7830 | ||
Xerox Workcentre 7835 Firmware | <073.010.086.15410 | |
Xerox Workcentre 7835 | ||
Xerox Workcentre 7845 Firmware | <073.010.086.15410 | |
Xerox Workcentre 7845 | ||
Xerox Workcentre 7855 Firmware | <073.010.086.15410 | |
Xerox Workcentre 7855 | ||
Xerox Workcentre 7970 Firmware | <073.200.086.15410 | |
Xerox Workcentre 7970 | ||
Xerox Workcentre 7970i Firmware | <073.200.086.15410 | |
Xerox Workcentre 7970i | ||
Xerox Workcentre 7225 Firmware | <073.030.086.15410 | |
Xerox Workcentre 7225 | ||
Xerox Workcentre 7220 Firmware | <073.030.086.15410 | |
Xerox Workcentre 7220 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-11061 is a vulnerability in Xerox WorkCentre devices that allows an unauthenticated attacker to execute OS commands.
CVE-2016-11061 has a severity level of critical.
CVE-2016-11061 affects Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410.
An unauthenticated attacker can exploit CVE-2016-11061 by executing OS commands through the support/remoteUI/configrui.php script.
Yes, updating Xerox WorkCentre devices to version 073.xxx.086.15410 or later will fix CVE-2016-11061.