Login Sign Up

CVE-2019-17184

9.8 CRITICAL

📋 TL;DR

This vulnerability in Xerox AltaLink printers allows attackers to gain elevated privileges on affected devices. Attackers could potentially take full control of the printer system. Affected models include B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 printers with software before version 101.00x.089.22600.

💻 Affected Systems

Products:
  • Xerox AltaLink B8045
  • Xerox AltaLink B8055
  • Xerox AltaLink B8065
  • Xerox AltaLink B8075
  • Xerox AltaLink B8090
  • Xerox AltaLink C8030
  • Xerox AltaLink C8035
  • Xerox AltaLink C8045
  • Xerox AltaLink C8055
  • Xerox AltaLink C8070
Versions: Software versions before 101.00x.089.22600
Operating Systems: Printer firmware/embedded OS
Default Config Vulnerable: ⚠️ Yes
Notes: All affected models with vulnerable firmware versions are vulnerable in default configuration.

📦 What is this software?

Atlalink Firmware by Xerox

View all CVEs affecting Atlalink Firmware →

Atlalink Firmware by Xerox

View all CVEs affecting Atlalink Firmware →

Atlalink Firmware by Xerox

View all CVEs affecting Atlalink Firmware →

Atlalink Firmware by Xerox

View all CVEs affecting Atlalink Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of printer system allowing attackers to intercept print jobs, access stored documents, use printer as network pivot point, or install persistent malware.

🟠

Likely Case

Unauthorized access to printer administrative functions, configuration changes, or data exfiltration from print jobs.

🟢

If Mitigated

Limited impact if printers are isolated from critical networks and have restricted administrative access.

🌐 Internet-Facing: HIGH - Printers exposed to internet could be directly exploited by remote attackers.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this to gain printer control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CVSS 9.8 suggests network-accessible, low-complexity attack without authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 101.00x.089.22600 or later

Vendor Advisory: https://security.business.xerox.com/wp-content/uploads/2019/09/cert_Security_Mini_Bulletin_XRX19V_for_AltaLinkB80xx-C80xx.pdf

Restart Required: Yes

Instructions:

1. Download firmware update from Xerox support portal. 2. Upload firmware to printer via web interface or CenterWare. 3. Apply update through printer's firmware update function. 4. Reboot printer after installation.

🔧 Temporary Workarounds

Network isolation

all

Place printers on isolated network segments with restricted access

Access control restrictions

all

Implement strict firewall rules to limit printer access to authorized IPs only

🧯 If You Can't Patch

  • Isolate printers on separate VLAN with strict access controls
  • Disable unnecessary printer services and interfaces

🔍 How to Verify

Check if Vulnerable:

Check printer firmware version via web interface: Settings > Device > About > Firmware Version

Check Version:

Not applicable - check via printer web interface or display panel

Verify Fix Applied:

Verify firmware version is 101.00x.089.22600 or higher in printer settings

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrative login attempts
  • Firmware modification events
  • Configuration changes from unexpected sources

Network Indicators:

  • Unexpected connections to printer administrative ports (typically 80, 443, 9100)
  • Traffic patterns suggesting privilege escalation attempts

SIEM Query:

source_ip=printer_ip AND (event_type="admin_login" OR event_type="config_change") AND user!=authorized_admin

📊 Metadata

CVE ID: CVE-2019-17184
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: October 4, 2019
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON