Vulnerabilities > CVE-2019-13166 - Improper Restriction of Excessive Authentication Attempts vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

xerox

CWE-307

NVD

Published: 2020-03-13

Updated: 2020-08-24

Summary

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks.

Vulnerable Configurations

Part	Description	Count
OS	Xerox Xerox Phaser 3320 Firmware V53.006.16.000	1
Hardware	Xerox Xerox Phaser 3320 -	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/
https://security.business.xerox.com/