Xerox ColorQube 8570 / 8870 Multiple Vulnerabilities (XRX15OA)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote multi-function device is affected by multiple
vulnerabilities.

Description :

According to its model number and software version, the remote host is
a Xerox ColorQube device that is affected by multiple
vulnerabilities :

- An information disclosure vulnerability exists in the
bundled version of OpenSSL due to a flaw in the
implementation of the Elliptic Curve Digital Signature
Algorithm (ECDSA) that allows nonce disclosure via the
'FLUSH+RELOAD' cache side-channel attack.
(CVE-2014-0076)

- A denial of service vulnerability exists in the bundled
version of OpenSSL due to a recursion flaw in the DTLS
functionality. A remote attacker can exploit this, via a
specially crafted request, to crash the DTLS client
application. (CVE-2014-0221)

- An unspecified error exists in the bundled version of
OpenSSL due to a flaw in the handshake process. A remote
attacker can exploit this, via a crafted handshake, to
force the client or server to use weak keying material,
allowing simplified man-in-the-middle attacks.
(CVE-2014-0224)

- A denial of service vulnerability exists in the bundled
version of OpenSSL due to an unspecified flaw related to
the ECDH ciphersuite. Note that this issue affects only
OpenSSL TLS clients. (CVE-2014-3470)

- A cross-site scripting vulnerability exists due to
improper validation of user-supplied input. A remote
attacker can exploit this, via a specially crafted
request, to execute arbitrary script code in a user's
browser session. (VulnDB 129429)

See also :

http://www.nessus.org/u?15fd6bad
https://www.openssl.org/news/secadv/20140605.txt
http://ccsinjection.lepidum.co.jp/
https://www.imperialviolet.org/2014/06/05/earlyccs.html

Solution :

Upgrade to firmware version PS 4.76.0 and net controller version
43.90.10.14.2015.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 86710

Bugtraq ID: 66363, 67898, 67899, 67901

CVE ID: CVE-2014-0076, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
