CVE-2018-20770: SQL Injection
First published: Sun Feb 10 2019(Updated: )
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xerox Workcentre 3655i Firmware | <073.060.048.15000 | |
| Xerox Workcentre 3655i Firmware | ||
| Xerox Workcentre 3655i Firmware | <073.060.048.15000 | |
| Xerox WorkCentre 3655 Firmware | ||
| Xerox Workcentre 5890i Firmware | <073.190.048.15000 | |
| Xerox Workcentre 5890i Firmware | ||
| Xerox Workcentre 5865 Firmware | <073.190.048.15000 | |
| Xerox Workcentre 5865 | ||
| Xerox Workcentre 5875 Firmware | <073.190.048.15000 | |
| Xerox Workcentre 5875 Firmware | ||
| Xerox Workcentre 5845 Firmware | <073.190.048.15000 | |
| Xerox Workcentre 5845 | ||
| Xerox Workcentre 5865 Firmware | <073.190.048.15000 | |
| Xerox Workcentre 5865 Firmware | ||
| Xerox Workcentre 5875 Firmware | <073.190.048.15000 | |
| Xerox Workcentre 5875 Firmware | ||
| Xerox Workcentre 5890i Firmware | <073.190.048.15000 | |
| Xerox Workcentre 5890i Firmware | ||
| Xerox Workcentre 5900 Firmware | <073.091.048.15000 | |
| Xerox Workcentre 5900 Firmware | ||
| Xerox Workcentre 5900 Firmware | <073.091.048.15000 | |
| Xerox Workcentre 5900i Firmware | ||
| Xerox Workcentre 6655i Firmware | <073.110.048.15000 | |
| Xerox Workcentre 6655 Firmware | ||
| Xerox Workcentre 6655 Firmware | <073.110.048.15000 | |
| Xerox Workcentre 6655 Firmware | ||
| Xerox Workcentre 7855i | <073.040.048.15000 | |
| Xerox Workcentre 7855 Firmware | ||
| Xerox Workcentre 7225i Firmware | <073.030.048.15000 | |
| Xerox Workcentre 7225i Firmware | ||
| Xerox Workcentre 7220 Firmware | <073.030.048.15000 | |
| Xerox Workcentre 7220i Firmware | ||
| Xerox Workcentre 7220 Firmware | <073.030.048.15000 | |
| Xerox Workcentre 7220i Firmware | ||
| Xerox Workcentre 7225 Firmware | <073.030.048.15000 | |
| Xerox Workcentre 7225i Firmware | ||
| Xerox Workcentre 7855 Firmware | <073.040.048.15000 | |
| Xerox Workcentre 7855i | ||
| Xerox Workcentre 7845i Firmware | <073.040.048.15000 | |
| Xerox Workcentre 7845i Firmware | ||
| Xerox Workcentre 7835 Firmware | <073.010.048.15000 | |
| Xerox Workcentre 7835i Firmware | ||
| Xerox Workcentre 7830i Firmware | <073.010.048.15000 | |
| Xerox Workcentre 7830i Firmware | ||
| Xerox Workcentre 7830 Firmware | <073.010.048.15000 | |
| Xerox Workcentre 7830 Firmware | ||
| Xerox Workcentre 7835 Firmware | <073.010.048.15000 | |
| Xerox Workcentre 7835i | ||
| Xerox Workcentre 7845i Firmware | <073.040.048.15000 | |
| Xerox Workcentre 7845 | ||
| Xerox Workcentre 7970i Firmware | <073.200.048.15000 | |
| Xerox Workcentre 7970i | ||
| Xerox Workcentre 7970 Firmware | <073.200.048.15000 | |
| Xerox Workcentre 7970 | ||
| Xerox Workcentre Ec7836 Firmware | <073.050.048.15000 | |
| Xerox WorkCentre EC7836 | ||
| Xerox Workcentre Ec7856 Firmware | <073.020.048.15000 | |
| Xerox Workcentre Ec7856 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-20770?
CVE-2018-20770 has a moderate severity level due to the potential for blind SQL injection that could lead to unauthorized data exposure.
How do I fix CVE-2018-20770?
To fix CVE-2018-20770, upgrade to the firmware version R18-05 073.xxx.0487.15000 or later for the affected Xerox devices.
What devices are affected by CVE-2018-20770?
CVE-2018-20770 affects various Xerox WorkCentre models including 3655, 3655i, 58XX, 59XX, and several others prior to the specified firmware updates.
What type of vulnerability is CVE-2018-20770?
CVE-2018-20770 is classified as a blind SQL injection vulnerability, allowing attackers to exploit improper validation of input.
What precautions should I take regarding CVE-2018-20770?
Ensure that your Xerox WorkCentre devices are updated with the latest firmware to mitigate the risks associated with CVE-2018-20770.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/event
- agent/description
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/xerox
- canonical/xerox workcentre 3655i firmware
- canonical/xerox workcentre 3655 firmware
- canonical/xerox workcentre 5890i firmware
- canonical/xerox workcentre 5865 firmware
- canonical/xerox workcentre 5865
- canonical/xerox workcentre 5875 firmware
- canonical/xerox workcentre 5845 firmware
- canonical/xerox workcentre 5845
- canonical/xerox workcentre 5900 firmware
- canonical/xerox workcentre 5900i firmware
- canonical/xerox workcentre 6655i firmware
- canonical/xerox workcentre 6655 firmware
- canonical/xerox workcentre 7855i
- canonical/xerox workcentre 7855 firmware
- canonical/xerox workcentre 7225i firmware
- canonical/xerox workcentre 7220 firmware
- canonical/xerox workcentre 7220i firmware
- canonical/xerox workcentre 7225 firmware
- canonical/xerox workcentre 7845i firmware
- canonical/xerox workcentre 7835 firmware
- canonical/xerox workcentre 7835i firmware
- canonical/xerox workcentre 7830i firmware
- canonical/xerox workcentre 7830 firmware
- canonical/xerox workcentre 7835i
- canonical/xerox workcentre 7845
- canonical/xerox workcentre 7970i firmware
- canonical/xerox workcentre 7970i
- canonical/xerox workcentre 7970 firmware
- canonical/xerox workcentre 7970
- canonical/xerox workcentre ec7836 firmware
- canonical/xerox workcentre ec7836
- canonical/xerox workcentre ec7856 firmware