CVE编号
CVE-2022-23968利用情况
暂无补丁情况
N/A披露时间
2022-01-26漏洞描述
Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue."解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| https://neosmart.net/blog/2022/xerox-vulnerability-allows-unauthenticated-net... | |
| https://twitter.com/mqudsi/status/1485756915187695618 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | xerox | versalink_firmware | * |
Up to (including) 42.01 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | xerox | versalink_firmware | * |
From (including) 50.00 |
Up to (including) 50.61 |
||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_b400 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_b405 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_b600 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_b610 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_b7025 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_b7030 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_b7035 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_c400 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_c405 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_c500 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_c505 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_c600 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_c605 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_c7000 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_c7020 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_c7025 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_c7030 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_c8000 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_c8000w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | xerox | versalink_c9000 | - | - | |||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 无
- 完整性 无
还没有评论,来说两句吧...