CVE-2018-20768: Code Injection
First published: Sun Feb 10 2019(Updated: )
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xerox Workcentre 3655i Firmware | <073.060.048.15000 | |
| Xerox Workcentre 3655i Firmware | ||
| Xerox Workcentre 3655i Firmware | <073.060.048.15000 | |
| Xerox WorkCentre 3655 Firmware | ||
| Xerox Workcentre 5890i Firmware | <073.190.048.15000 | |
| Xerox Workcentre 5890i Firmware | ||
| Xerox Workcentre 5865 Firmware | <073.190.048.15000 | |
| Xerox Workcentre 5865 | ||
| Xerox Workcentre 5875 Firmware | <073.190.048.15000 | |
| Xerox Workcentre 5875 Firmware | ||
| Xerox Workcentre 5845 Firmware | <073.190.048.15000 | |
| Xerox Workcentre 5845 | ||
| Xerox Workcentre 5865 Firmware | <073.190.048.15000 | |
| Xerox Workcentre 5865 Firmware | ||
| Xerox Workcentre 5875 Firmware | <073.190.048.15000 | |
| Xerox Workcentre 5875 Firmware | ||
| Xerox Workcentre 5890i Firmware | <073.190.048.15000 | |
| Xerox Workcentre 5890i Firmware | ||
| Xerox Workcentre 5900 Firmware | <073.091.048.15000 | |
| Xerox Workcentre 5900 Firmware | ||
| Xerox Workcentre 5900 Firmware | <073.091.048.15000 | |
| Xerox Workcentre 5900i Firmware | ||
| Xerox Workcentre 6655i Firmware | <073.110.048.15000 | |
| Xerox Workcentre 6655 Firmware | ||
| Xerox Workcentre 6655 Firmware | <073.110.048.15000 | |
| Xerox Workcentre 6655 Firmware | ||
| Xerox Workcentre 7855i | <073.040.048.15000 | |
| Xerox Workcentre 7855 Firmware | ||
| Xerox Workcentre 7225i Firmware | <073.030.048.15000 | |
| Xerox Workcentre 7225i Firmware | ||
| Xerox Workcentre 7220 Firmware | <073.030.048.15000 | |
| Xerox Workcentre 7220i Firmware | ||
| Xerox Workcentre 7220 Firmware | <073.030.048.15000 | |
| Xerox Workcentre 7220i Firmware | ||
| Xerox Workcentre 7225 Firmware | <073.030.048.15000 | |
| Xerox Workcentre 7225i Firmware | ||
| Xerox Workcentre 7855 Firmware | <073.040.048.15000 | |
| Xerox Workcentre 7855i | ||
| Xerox Workcentre 7845i Firmware | <073.040.048.15000 | |
| Xerox Workcentre 7845i Firmware | ||
| Xerox Workcentre 7835 Firmware | <073.010.048.15000 | |
| Xerox Workcentre 7835i Firmware | ||
| Xerox Workcentre 7830i Firmware | <073.010.048.15000 | |
| Xerox Workcentre 7830i Firmware | ||
| Xerox Workcentre 7830 Firmware | <073.010.048.15000 | |
| Xerox Workcentre 7830 Firmware | ||
| Xerox Workcentre 7835 Firmware | <073.010.048.15000 | |
| Xerox Workcentre 7835i | ||
| Xerox Workcentre 7845i Firmware | <073.040.048.15000 | |
| Xerox Workcentre 7845 | ||
| Xerox Workcentre 7970i Firmware | <073.200.048.15000 | |
| Xerox Workcentre 7970i | ||
| Xerox Workcentre 7970 Firmware | <073.200.048.15000 | |
| Xerox Workcentre 7970 | ||
| Xerox Workcentre Ec7836 Firmware | <073.050.048.15000 | |
| Xerox WorkCentre EC7836 | ||
| Xerox Workcentre Ec7856 Firmware | <073.020.048.15000 | |
| Xerox Workcentre Ec7856 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-20768?
CVE-2018-20768 has a high severity rating due to the ability of an attacker to execute arbitrary PHP code.
How do I fix CVE-2018-20768?
To fix CVE-2018-20768, update the firmware of your affected Xerox WorkCentre device to version R18-05 073.xxx.0487.15000 or later.
Which devices are affected by CVE-2018-20768?
CVE-2018-20768 affects multiple Xerox WorkCentre models including 3655, 3685, 58XX series, 59XX series, and others prior to specific firmware updates.
What kind of attack is facilitated by CVE-2018-20768?
CVE-2018-20768 allows an attacker to write to a specific file leading to arbitrary code execution, posing a significant security risk.
Is there a public reference for CVE-2018-20768?
Yes, Xerox has released a mini bulletin detailing CVE-2018-20768 and necessary actions to mitigate the vulnerability.
- agent/type
- agent/references
- agent/weakness
- agent/remedy
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/xerox
- canonical/xerox workcentre 3655i firmware
- canonical/xerox workcentre 3655 firmware
- canonical/xerox workcentre 5890i firmware
- canonical/xerox workcentre 5865 firmware
- canonical/xerox workcentre 5865
- canonical/xerox workcentre 5875 firmware
- canonical/xerox workcentre 5845 firmware
- canonical/xerox workcentre 5845
- canonical/xerox workcentre 5900 firmware
- canonical/xerox workcentre 5900i firmware
- canonical/xerox workcentre 6655i firmware
- canonical/xerox workcentre 6655 firmware
- canonical/xerox workcentre 7855i
- canonical/xerox workcentre 7855 firmware
- canonical/xerox workcentre 7225i firmware
- canonical/xerox workcentre 7220 firmware
- canonical/xerox workcentre 7220i firmware
- canonical/xerox workcentre 7225 firmware
- canonical/xerox workcentre 7845i firmware
- canonical/xerox workcentre 7835 firmware
- canonical/xerox workcentre 7835i firmware
- canonical/xerox workcentre 7830i firmware
- canonical/xerox workcentre 7830 firmware
- canonical/xerox workcentre 7835i
- canonical/xerox workcentre 7845
- canonical/xerox workcentre 7970i firmware
- canonical/xerox workcentre 7970i
- canonical/xerox workcentre 7970 firmware
- canonical/xerox workcentre 7970
- canonical/xerox workcentre ec7836 firmware
- canonical/xerox workcentre ec7836
- canonical/xerox workcentre ec7856 firmware