CVE-2019-13166

{"id": "CVE-2019-13166", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-03-13T19:15:14.587", "references": [{"url": "https://security.business.xerox.com/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://security.business.xerox.com/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks."}, {"lang": "es", "value": "Algunas impresoras Xerox (tal y como la Phaser 3320 versi\u00f3n V53.006.16.000), no implementaron el bloqueo de cuenta. Las credenciales de la cuenta local pueden ser extra\u00eddas del dispositivo por medio de ataques de adivinaci\u00f3n de fuerza bruta."}], "lastModified": "2024-11-21T04:24:20.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:phaser_3320_firmware:v53.006.16.000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0683FED0-AF80-4717-A556-9B1DA9041F80"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:phaser_3320:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "82C5628C-DC4E-472A-9AD8-35C3CA7BD1A9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}