First published: Wed Dec 18 2019(Updated: )
Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Xerox Altalink C8035 Firmware | ||
Xerox AltaLink C8035 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-19832 is a vulnerability that allows Cross-Site Request Forgery (CSRF) on Xerox AltaLink C8035 printers.
CVE-2019-19832 has a severity rating of 8.8 (high).
CVE-2019-19832 allows an attacker to make unauthorized requests to add users to the Device User Database on Xerox AltaLink C8035 printers through the xerox.set URI.
Xerox AltaLink C8035 printers with the Xerox Altalink C8035 Firmware are affected by CVE-2019-19832.
No, Xerox AltaLink C8035 printers themselves (hardware) are not vulnerable to CVE-2019-19832, but only the ones with the Xerox Altalink C8035 Firmware are.