critical
10
CWE
78
Advisory Published
Updated

CVE-2016-11061: OS Command Injection

First published: Wed Apr 29 2020(Updated: )

Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Xerox Workcentre 3655 Firmware<073.060.086.15410
Xerox WorkCentre 3655
Xerox Workcentre 3655i Firmware<073.060.086.15410
Xerox Workcentre 3655i
Xerox Workcentre 5865 Firmware<073.190.086.15410
Xerox Workcentre 5865
Xerox Workcentre 5875 Firmware<073.190.086.15410
Xerox Workcentre 5875
Xerox Workcentre 5890 Firmware<073.190.086.15410
Xerox Workcentre 5890
Xerox Workcentre 5865i Firmware<073.190.086.15410
Xerox Workcentre 5865i
Xerox Workcentre 5875i Firmware<073.190.086.15410
Xerox Workcentre 5875i
Xerox Workcentre 5890i Firmware<073.190.086.15410
Xerox Workcentre 5890i
Xerox Workcentre 5945 Firmware<073.091.086.15410
Xerox Workcentre 5945
Xerox Workcentre 5955 Firmware<073.091.086.15410
Xerox Workcentre 5955
Xerox Workcentre 5945i Firmware<073.091.086.15410
Xerox Workcentre 5945i
Xerox Workcentre 5955i Firmware<073.091.086.15410
Xerox Workcentre 5955i
Xerox Workcentre 6655 Firmware<073.110.086.15410
Xerox Workcentre 6655
Xerox Workcentre 6655i Firmware<073.110.086.15410
Xerox Workcentre 6655i
Xerox Workcentre 7200 Firmware<073.030.086.15410
Xerox Workcentre 7200
Xerox Workcentre 7200i Firmware<073.030.086.15410
Xerox Workcentre 7200i
Xerox Workcentre 7225i Firmware<073.030.086.15410
Xerox Workcentre 7225i
Xerox Workcentre 7830 Firmware<073.010.086.15410
Xerox Workcentre 7830
Xerox Workcentre 7835 Firmware<073.010.086.15410
Xerox Workcentre 7835
Xerox Workcentre 7845 Firmware<073.010.086.15410
Xerox Workcentre 7845
Xerox Workcentre 7855 Firmware<073.010.086.15410
Xerox Workcentre 7855
Xerox Workcentre 7970 Firmware<073.200.086.15410
Xerox Workcentre 7970
Xerox Workcentre 7970i Firmware<073.200.086.15410
Xerox Workcentre 7970i
Xerox Workcentre 7225 Firmware<073.030.086.15410
Xerox Workcentre 7225
Xerox Workcentre 7220 Firmware<073.030.086.15410
Xerox Workcentre 7220

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2016-11061?

    CVE-2016-11061 is a vulnerability in Xerox WorkCentre devices that allows an unauthenticated attacker to execute OS commands.

  • What is the severity level of CVE-2016-11061?

    CVE-2016-11061 has a severity level of critical.

  • How does CVE-2016-11061 affect Xerox WorkCentre devices?

    CVE-2016-11061 affects Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410.

  • How can an attacker exploit CVE-2016-11061?

    An unauthenticated attacker can exploit CVE-2016-11061 by executing OS commands through the support/remoteUI/configrui.php script.

  • Is there a fix for CVE-2016-11061?

    Yes, updating Xerox WorkCentre devices to version 073.xxx.086.15410 or later will fix CVE-2016-11061.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203