Urgent Security Alert: Critical Vulnerabilities Found in Xerox FreeFlow Core
Administrators and users of Xerox FreeFlow Core are being urged to take immediate action following the discovery of two significant security vulnerabilities. These flaws, one of which is rated as critical, could allow unauthenticated attackers to gain control over affected systems, steal sensitive data, and disrupt operations.
Xerox FreeFlow Core is a widely used browser-based software solution designed to automate workflows for print providers. The identified vulnerabilities expose the underlying servers to severe risks, making prompt patching an essential security measure.
The Critical Path Traversal Flaw (CVE-2023-40487)
The more severe of the two vulnerabilities is a path traversal flaw, which has been assigned a CVSS score of 9.9 out of 10, labeling it as critical.
This vulnerability allows an unauthenticated remote attacker to bypass security measures and access the server’s file system. By exploiting this flaw, an attacker can read, write, and even delete arbitrary files on the server where FreeFlow Core is installed. The ultimate danger of this vulnerability is the potential for unauthenticated remote code execution (RCE). This means a malicious actor could run their own code on your server, effectively giving them complete control over the system without needing any login credentials.
The High-Severity XXE Vulnerability (CVE-2023-40486)
The second vulnerability is an XML External Entity (XXE) injection flaw, rated as high severity with a CVSS score of 7.5.
This vulnerability can be exploited by an unauthenticated attacker to trick the application into processing a maliciously crafted XML file. Successful exploitation could lead to several damaging outcomes, including:
- Data Theft: Attackers can read sensitive files from the server’s file system.
- Denial-of-Service (DoS): The attack could be used to crash the application or the entire server.
- Server-Side Request Forgery (SSRF): Attackers could force the server to make requests to other internal or external systems, potentially escalating their attack within your network.
Which Systems Are Affected?
These vulnerabilities impact all versions of Xerox FreeFlow Core prior to 6.2.1. The fact that these flaws can be exploited by an unauthenticated attacker significantly increases the risk, as anyone with network access to the server could potentially launch an attack.
How to Protect Your System: Immediate Steps to Take
To protect your systems and data from these serious threats, it is imperative to act now. Xerox has released a security patch that addresses both vulnerabilities.
The primary and most crucial step is to update your software to Xerox FreeFlow Core version 6.2.1 or a later release immediately.
Follow these security best practices:
- Identify Your Version: Check your current installation of Xerox FreeFlow Core to determine if you are running a version prior to 6.2.1.
- Apply the Patch: Download and install the official security update from Xerox as soon as possible. Prioritize this update, as the critical nature of the RCE vulnerability presents a clear and present danger.
- Review System Logs: As a precautionary measure, review server and application logs for any unusual or suspicious activity that might indicate a past compromise.
The discovery of these vulnerabilities is a stark reminder of the importance of proactive security management. Don’t delay—verify your software version and apply the necessary updates to safeguard your print workflow environment and sensitive data.
Source: https://securityaffairs.com/181243/security/xerox-fixed-path-traversal-and-xxe-bugs-in-freeflow-core.html
