CVE-2020-9330 Detail
Current Description
Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the LDAP connection IP address to a system owned by the actor without knowledge of the LDAP bind credentials. After changing the LDAP connection IP address, subsequent authentication attempts will result in the printer sending plaintext LDAP (Active Directory) credentials to the actor. Although the credentials may belong to a non-privileged user, organizations frequently use privileged service accounts to bind to Active Directory. The attacker gains a foothold on the Active Directory domain at a minimum, and may use the credentials to take over control of the Active Directory domain. This affects 3655*, 3655i*, 58XX*, 58XXi*, 59XX*, 59XXi*, 6655**, 6655i**, 72XX*, 72XXi*, 78XX**, 78XXi**, 7970**, 7970i**, EC7836**, and EC7856** devices.
Source:
MITRE
View Analysis Description
Analysis Description
Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the LDAP connection IP address to a system owned by the actor without knowledge of the LDAP bind credentials. After changing the LDAP connection IP address, subsequent authentication attempts will result in the printer sending plaintext LDAP (Active Directory) credentials to the actor. Although the credentials may belong to a non-privileged user, organizations frequently use privileged service accounts to bind to Active Directory. The attacker gains a foothold on the Active Directory domain at a minimum, and may use the credentials to take over control of the Active Directory domain. This affects 3655*, 3655i*, 58XX*, 58XXi*, 59XX*, 59XXi*, 6655**, 6655i**, 72XX*, 72XXi*, 78XX**, 78XXi**, 7970**, 7970i**, EC7836**, and EC7856** devices.
Source:
MITRE
Severity
CVSS 3.x Severity and Metrics:
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0 Severity and Metrics:
Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because
they may have information that would be of interest to you. No inferences should be drawn on account of other sites
being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose.
NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further,
NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about
this page to nvd@nist.gov.
Weakness Enumeration
| CWE-ID |
CWE Name |
Source |
| CWE-522 |
Insufficiently Protected Credentials |
NIST
|
Known Affected Software Configurations
Switch to CPE 2.2
Configuration 1 ( hide ) Configuration 2 ( hide ) Configuration 3 ( hide ) Configuration 4 ( hide ) Configuration 5 ( hide ) Configuration 6 ( hide ) Configuration 7 ( hide ) Configuration 8 ( hide ) Configuration 9 ( hide ) Configuration 10 ( hide ) Configuration 11 ( hide ) Configuration 12 ( hide ) Configuration 13 ( hide ) Configuration 14 ( hide ) Configuration 15 ( hide ) Configuration 16 ( hide ) Configuration 17 ( hide ) Configuration 18 ( hide )
Change History
1 change record found
- show changes
Initial Analysis -
3/5/2020 11:18:08 AM
| Action |
Type |
Old Value |
New Value |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_3655_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.060.000.02300
OR
cpe:2.3:h:xerox:workcentre_3655:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_3655i_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.060.000.02300
OR
cpe:2.3:h:xerox:workcentre_3655i:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_5845_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.190.000.02300
OR
cpe:2.3:h:xerox:workcentre_5845:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_5855_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.190.000.02300
OR
cpe:2.3:h:xerox:workcentre_5855:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_5945_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.091.000.02300
OR
cpe:2.3:h:xerox:workcentre_5945:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_5955_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.091.000.02300
OR
cpe:2.3:h:xerox:workcentre_5955:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_6655_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.110.000.02300
OR
cpe:2.3:h:xerox:workcentre_6655:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_6655i_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.110.000.02300
OR
cpe:2.3:h:xerox:workcentre_6655i:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_7220_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.030.000.02300
OR
cpe:2.3:h:xerox:workcentre_7220:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_7225_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.030.000.02300
OR
cpe:2.3:h:xerox:workcentre_7225:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_7830_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.010.000.02300
OR
cpe:2.3:h:xerox:workcentre_7830:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_7835_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.010.000.02300
OR
cpe:2.3:h:xerox:workcentre_7835:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_7845_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.010.000.02300
OR
cpe:2.3:h:xerox:workcentre_7845:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_7855_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.010.000.02300
OR
cpe:2.3:h:xerox:workcentre_7855:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_7970_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.200.000.02300
OR
cpe:2.3:h:xerox:workcentre_7970:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_7970i_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.200.000.02300
OR
cpe:2.3:h:xerox:workcentre_7970i:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_ec7836_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.050.000.02300
OR
cpe:2.3:h:xerox:workcentre_ec7836:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:xerox:workcentre_ec7856_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 073.020.000.02300
OR
cpe:2.3:h:xerox:workcentre_ec7856:-:*:*:*:*:*:*:* |
| Added |
CVSS V2 |
|
NIST (AV:N/AC:L/Au:S/C:P/I:N/A:N) |
| Added |
CVSS V3.1 |
|
NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Added |
CWE |
|
NIST CWE-522 |
| Changed |
Reference Type |
https://securitydocs.business.xerox.com/wp-content/uploads/2020/02/cert_Security_Mini_Bulletin_XRX20D_for_ConnectKey.pdf No Types Assigned |
https://securitydocs.business.xerox.com/wp-content/uploads/2020/02/cert_Security_Mini_Bulletin_XRX20D_for_ConnectKey.pdf Patch, Vendor Advisory |
| Changed |
Reference Type |
https://www.securicon.com/hackers-can-gain-active-directory-privileges-through-new-vulnerability-in-xerox-printers/ No Types Assigned |
https://www.securicon.com/hackers-can-gain-active-directory-privileges-through-new-vulnerability-in-xerox-printers/ Exploit, Third Party Advisory |
Quick Info
CVE Dictionary Entry:
CVE-2020-9330
NVD Published Date:
02/21/2020
NVD Last Modified:
03/05/2020
|