CVE-2019-19832: CSRF
First published: Wed Dec 18 2019(Updated: )
Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xerox Altalink C8035 Firmware | ||
| Xerox AltaLink C8035 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-19832?
CVE-2019-19832 is a vulnerability that allows Cross-Site Request Forgery (CSRF) on Xerox AltaLink C8035 printers.
How severe is CVE-2019-19832?
CVE-2019-19832 has a severity rating of 8.8 (high).
How does CVE-2019-19832 work?
CVE-2019-19832 allows an attacker to make unauthorized requests to add users to the Device User Database on Xerox AltaLink C8035 printers through the xerox.set URI.
Which software is affected by CVE-2019-19832?
Xerox AltaLink C8035 printers with the Xerox Altalink C8035 Firmware are affected by CVE-2019-19832.
Is Xerox AltaLink C8035 vulnerable to CVE-2019-19832?
No, Xerox AltaLink C8035 printers themselves (hardware) are not vulnerable to CVE-2019-19832, but only the ones with the Xerox Altalink C8035 Firmware are.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/xerox
- canonical/xerox altalink c8035 firmware
- canonical/xerox altalink c8035