XEROX Products: Remote Command Execution Vulnerability via Crafted HTTP Request

XEROX Products: Remote Command Execution Vulnerability via Crafted HTTP Request

CVE-2019-10880 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.