{"vuid":"VU#737740","idnumber":"737740","name":"Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL","keywords":["fiery","xerox","openssl","print"],"overview":"Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o).","clean_desc":"Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier uses OpenSSL for SSL/TLS encryption. The version of OpenSSL that comes with the Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier is 0.9.8o that is out of date and known to be vulnerable.","impact":"A remote attacker may be able to cause a denial of service or possibly run arbitrary code.","resolution":"Apply an Update Apply patch 1-1IJ6ZK. The patch will upgrade OpenSSL to version 0.9.8x. Patch 1-1IJ6ZK can be obtained from Xerox tech support.","workarounds":"Restrict access As a general good security practice, only allow connections from trusted hosts and networks.","sysaffected":"","thanks":"Thanks to Curtis Rhodes for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedProduct=fiery-exp260&operatingSystem=win7x64","https://www.openssl.org/news/vulnerabilities.html","http://w3.efi.com/Fiery"],"cveids":["CVE-2013-0169","CVE-2013-0166","CVE-2012-2333","CVE-2012-0884","CVE-2011-4619","CVE-2011-4577","CVE-2011-4576","CVE-2011-4109","CVE-2011-4108","CVE-2010-4180","CVE-2010-3864"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-12-14T17:31:47Z","publicdate":"2013-03-18T00:00:00Z","datefirstpublished":"2013-03-18T14:48:21Z","dateupdated":"2013-05-02T17:40:09Z","revision":30,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"L","cvss_targetdistribution":"L","cvss_securityrequirementscr":"L","cvss_securityrequirementsir":"L","cvss_securityrequirementsar":"L","cvss_basescore":"6.9","cvss_basevector":"AV:A/AC:M/Au:N/C:P/I:P/A:C","cvss_temporalscore":"5.1","cvss_environmentalscore":"1","cvss_environmentalvector":"CDP:L/TD:L/CR:L/IR:L/AR:L","metric":0.0,"vulnote":null}