CVE-2019-10880

Name: CVE-2019-10880
Creator: NVD / NIST
Published: 2019-04-12T18:29:01.177+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 8.47%

Last modified Jun 17, 2026

CVE-2019-10880 is a vulnerability of currently unknown severity. Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.. EPSS estimates a 8.47% chance of exploitation in the next 30 days.

Description

Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.

Metrics

EPSS Probability

8.47%

94.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Xerox	Colorqube 8700 Firmware	< 072.161.009.07200
Xerox	Colorqube 8900 Firmware	< 072.161.009.07200
Xerox	Colorqube 9301 Firmware	< 072.180.009.07200
Xerox	Colorqube 9302 Firmware	< 072.180.009.07200
Xerox	Colorqube 9303 Firmware	< 072.180.009.07200

References

https://airbus-seclab.github.io/Not Applicable
https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdfVendor Advisory
https://airbus-seclab.github.io/Not Applicable
https://securitydocs.business.xerox.com/wp-content/uploads/2019/04/cert_Security_Mini_Bulletin_XRX19C_for_CQ8700_CQ8900_CQ93xx.pdfVendor Advisory

Timeline

Published: Apr 12, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-10880?

How severe is CVE-2019-10880?

Severity scoring for CVE-2019-10880 is pending analysis. The EPSS model estimates a 8.47% probability of exploitation in the next 30 days.

How do I fix CVE-2019-10880?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-10880?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST