Overview
Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o).
Description
Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier uses OpenSSL for SSL/TLS encryption. The version of OpenSSL that comes with the Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier is 0.9.8o that is out of date and known to be vulnerable. |
Impact
A remote attacker may be able to cause a denial of service or possibly run arbitrary code. |
Solution
Apply an Update Apply patch 1-1IJ6ZK. The patch will upgrade OpenSSL to version 0.9.8x. Patch 1-1IJ6ZK can be obtained from Xerox tech support. |
Restrict access |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 6.9 | AV:A/AC:M/Au:N/C:P/I:P/A:C |
| Temporal | 5.1 | E:U/RL:OF/RC:C |
| Environmental | 1 | CDP:L/TD:L/CR:L/IR:L/AR:L |
References
Acknowledgements
Thanks to Curtis Rhodes for reporting this vulnerability.
This document was written by Jared Allar.
Other Information
| CVE IDs: | CVE-2013-0169, CVE-2013-0166, CVE-2012-2333, CVE-2012-0884, CVE-2011-4619, CVE-2011-4577, CVE-2011-4576, CVE-2011-4109, CVE-2011-4108, CVE-2010-4180, CVE-2010-3864 |
| Date Public: | 2013-03-18 |
| Date First Published: | 2013-03-18 |
| Date Last Updated: | 2013-05-02 17:40 UTC |
| Document Revision: | 30 |