Cyber Posture

CVE-2024-55930

Medium

Published: 23 January 2025

Modified: 30 January 2026
KEV Added
Patch
CVSS Score: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0012 (30.9th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Description

Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files.

Security Summary

CVE-2024-55930 affects Xerox Workplace Suite, where weak default folder permissions (CWE-276) allow unauthorized users to access, modify, or delete files. The vulnerability received a CVSS v3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-23.

Exploitation requires local access (AV:L) with high privileges (PR:H) and low complexity (AC:L), with no user interaction needed (UI:N). A successful attacker can achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U) by leveraging the improper permissions to manipulate sensitive files.

Xerox Security Bulletin XRX25-002 provides details on mitigations for Xerox Workplace Suite and is available at https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf.

Details

CWE(s): CWE-276

Affected Products

Vendor: xerox
Product: workplace suite
Affected versions: ≤ 5.6.701.9
