high
8.8
CWE
306
Advisory Published
Updated

CVE-2020-9330

First published: Fri Feb 21 2020(Updated: )

Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the LDAP connection IP address to a system owned by the actor without knowledge of the LDAP bind credentials. After changing the LDAP connection IP address, subsequent authentication attempts will result in the printer sending plaintext LDAP (Active Directory) credentials to the actor. Although the credentials may belong to a non-privileged user, organizations frequently use privileged service accounts to bind to Active Directory. The attacker gains a foothold on the Active Directory domain at a minimum, and may use the credentials to take over control of the Active Directory domain. This affects 3655*, 3655i*, 58XX*, 58XXi*, 59XX*, 59XXi*, 6655**, 6655i**, 72XX*, 72XXi*, 78XX**, 78XXi**, 7970**, 7970i**, EC7836**, and EC7856** devices.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Xerox Workcentre 3655 Firmware<073.060.000.02300
Xerox WorkCentre 3655
Xerox Workcentre 3655i Firmware<073.060.000.02300
Xerox Workcentre 3655i
Xerox Workcentre 5845 Firmware<073.190.000.02300
Xerox Workcentre 5845
Xerox Workcentre 5855 Firmware<073.190.000.02300
Xerox Workcentre 5855
Xerox Workcentre 5945 Firmware<073.091.000.02300
Xerox Workcentre 5945
Xerox Workcentre 5955 Firmware<073.091.000.02300
Xerox Workcentre 5955
Xerox Workcentre 6655 Firmware<073.110.000.02300
Xerox Workcentre 6655
Xerox Workcentre 6655i Firmware<073.110.000.02300
Xerox Workcentre 6655i
Xerox Workcentre 7220 Firmware<073.030.000.02300
Xerox Workcentre 7220
Xerox Workcentre 7225 Firmware<073.030.000.02300
Xerox Workcentre 7225
Xerox Workcentre 7830 Firmware<073.010.000.02300
Xerox Workcentre 7830
Xerox Workcentre 7835 Firmware<073.010.000.02300
Xerox Workcentre 7835
Xerox Workcentre 7845 Firmware<073.010.000.02300
Xerox Workcentre 7845
Xerox Workcentre 7855 Firmware<073.010.000.02300
Xerox Workcentre 7855
Xerox Workcentre 7970 Firmware<073.200.000.02300
Xerox Workcentre 7970
Xerox Workcentre 7970i Firmware<073.200.000.02300
Xerox Workcentre 7970i
Xerox Workcentre Ec7836 Firmware<073.050.000.02300
Xerox WorkCentre EC7836
Xerox Workcentre Ec7856 Firmware<073.020.000.02300
Xerox Workcentre Ec7856

Remedy

https://securitydocs.business.xerox.com/wp-content/uploads/2020/02/cert_Security_Mini_Bulletin_XRX20D_for_ConnectKey.pdf

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2020-9330?

    CVE-2020-9330 is a vulnerability found in certain Xerox WorkCentre printers before 073.xxx.000.02300.

  • What is the severity of CVE-2020-9330?

    CVE-2020-9330 has a severity rating of 8.8 (high).

  • How does CVE-2020-9330 work?

    CVE-2020-9330 allows a malicious actor to change the LDAP connection IP address without reentering or validating LDAP bind credentials.

  • Which Xerox WorkCentre printers are affected by CVE-2020-9330?

    Certain Xerox WorkCentre printers before 073.xxx.000.02300 are affected by CVE-2020-9330.

  • How can I fix CVE-2020-9330?

    To fix CVE-2020-9330, it is recommended to update the firmware of the affected Xerox WorkCentre printers to version 073.xxx.000.02300 or newer.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203