===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0254
     Multiple vulnerabilities have been identified in Xerox WorkCentre
                             9 September 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Xerox WorkCentre
Operating System:     Windows 10
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Access Privileged Data          -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
                      Unauthorised Access             -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-12265 CVE-2019-12263 CVE-2019-12262
                      CVE-2019-12261 CVE-2019-12259 CVE-2019-12257
                      CVE-2019-1225 CVE-2019-1224 
Member content until: Wednesday, October  9 2019
Reference:            ASB-2019.0238
                      ASB-2019.0224
                      ESB-2019.3245
                      ESB-2019.3118
                      ESB-2019.2856
                      ESB-2019.2075

OVERVIEW

        Multiple vulnerabilities have been identified in Xerox WorkCentre 
        prior to version 60.006.04.000. [1]


IMPACT

        The vendor has provided the following details regarding the 
        vulnerabilities:
        
        "Wind River VxWorks TCP/IP Stack (IPNet) Vulnerabilities:
        CVE-2019-1225, CVE-2019-12257, CVE-2019-12255, CVE-2019-12261,
        CVE-2019-12263, CVE-2019-12258, CVE-2019-12259, CVE-2019-12262,
        CVE-2019-12264, CVE-2019-12265" [1]
        
        Additional details regarding the vulnerabilities are listed below as
        published by the National Vulnerability Database (NVD):
        
        "An information disclosure vulnerability exists when the Windows RDP
        server improperly discloses the contents of its memory, aka 'Remote
        Desktop Protocol Server Information Disclosure Vulnerability'. This
        CVE ID is unique from CVE-2019-1224." [2]
        
        "Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the 
        DHCP client component. There is an IPNET security vulnerability: 
        Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc." [3]
        
        "Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the TCP
        component (issue 1 of 4). This is an IPNET security vulnerability: 
        TCP Urgent Pointer = 0 that leads to an integer underflow." [4]
        
        "Wind River VxWorks 6.7 through 6.9 and vx7 has a Buffer Overflow in
        the TCP component (issue 3 of 4). This is an IPNET security 
        vulnerability: TCP Urgent Pointer state confusion during connect() 
        to a remote host." [5]
        
        "Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP 
        component (issue 4 of 4). There is an IPNET security vulnerability:
        TCP Urgent Pointer state confusion due to race condition." [6]
        
        "Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP
        component. This is an IPNET security vulnerability: DoS of TCP 
        connection via malformed TCP options." [7]
        
        "Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index 
        error in the IGMPv3 client component. There is an IPNET security 
        vulnerability: DoS via NULL dereference in IGMP parsing." [8]
        
        "Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access 
        Control in the RARP client component. IPNET security vulnerability:
        Handling of unsolicited Reverse ARP replies (Logical Flaw)." [9]
        
        "Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has 
        Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP 
        client component." [10]
        
        "Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory
        Leak in the IGMPv3 client component. There is an IPNET security 
        vulnerability: IGMP Information leak via IGMPv3 specific membership
        report." [11]
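
        The "TCP Urgent Pointer = 0" condition in the CVE-2019-12255
        description [4] can be watched for on the network until devices are
        upgraded. The following is an added example, not part of the AusCERT
        bulletin or the vendor's material. It assumes the condition appears
        on the wire as a TCP segment with the URG flag set and an urgent
        pointer field of zero; the function names, port 9100 and the
        192.0.2.x addresses are constructed for illustration.

```python
import struct

URG = 0x20  # URG bit in the TCP flags byte


def tcp_urgent_fields(packet: bytes):
    """Return (dst_port, urg_set, urgent_pointer) for an IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                           # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 6:            # protocol 6 = TCP
        return None
    (frag,) = struct.unpack("!H", packet[6:8])
    if frag & 0x1FFF:                         # later fragment: no TCP header present
        return None
    tcp = packet[ihl:ihl + 20]
    if len(tcp) < 20:
        return None                           # truncated TCP header
    (dport,) = struct.unpack("!H", tcp[2:4])
    (urg_ptr,) = struct.unpack("!H", tcp[18:20])
    return dport, bool(tcp[13] & URG), urg_ptr


def classify(packet: bytes) -> str:
    """Triage one packet: 'alert', 'review', 'ok' or 'ignore'."""
    fields = tcp_urgent_fields(packet)
    if fields is None:
        return "ignore"
    _dport, urg_set, urg_ptr = fields
    if urg_set and urg_ptr == 0:
        return "alert"    # assumed wire form of "TCP Urgent Pointer = 0"
    if urg_set:
        return "review"   # assumption: urgent data toward a printer is unusual
    return "ok"


def build_packet(flags: int, urg_ptr: int, dport: int = 9100, proto: int = 6) -> bytes:
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4, flags,
                      8192, 0, urg_ptr)
    return ip + tcp


if __name__ == "__main__":
    for flags, ptr in [(0x38, 0), (0x30, 5), (0x18, 0)]:
        print(hex(flags), ptr, classify(build_packet(flags, ptr)))
```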


MITIGATION

        Xerox recommends users upgrade to the latest version to fix these 
        issues. [1]


REFERENCES

        [1] WorkCentre® 3025/3215/3225 Phaser® 3020/3052/3260 SPAR Release
            3.50.01.16 or .17 Bulletin Date: Jan 31, 2017
            Mini Bulletin XRX19U Xerox(R) WorkCentre(R) 3335/3345 SPAR Release 60.006.04.000
            https://security.business.xerox.com/wp-content/uploads/2019/09/cert_Security_Mini_Bulletin_XRX19U_for_WorkCentre3335-3345.pdf

        [2] CVE-2019-1225 Detail
            https://nvd.nist.gov/vuln/detail/CVE-2019-1225

        [3] CVE-2019-12257 Detail
            https://nvd.nist.gov/vuln/detail/CVE-2019-12257

        [4] CVE-2019-12255 Detail
            https://nvd.nist.gov/vuln/detail/CVE-2019-12255

        [5] CVE-2019-12261 Detail
            https://nvd.nist.gov/vuln/detail/CVE-2019-12261

        [6] CVE-2019-12263 Detail
            https://nvd.nist.gov/vuln/detail/CVE-2019-12263

        [7] CVE-2019-12258 Detail
            https://nvd.nist.gov/vuln/detail/CVE-2019-12258

        [8] CVE-2019-12259 Detail
            https://nvd.nist.gov/vuln/detail/CVE-2019-12259

        [9] CVE-2019-12262 Detail
            https://nvd.nist.gov/vuln/detail/CVE-2019-12262

        [10] CVE-2019-12264 Detail
             https://nvd.nist.gov/vuln/detail/CVE-2019-12264

        [11] CVE-2019-12265 Detail
             https://nvd.nist.gov/vuln/detail/CVE-2019-12265

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================