Xerox WorkCentre and WorkCentre Pro Multiple Vulnerabilities
BID:21365
Info
Xerox WorkCentre and WorkCentre Pro Multiple Vulnerabilities
| Bugtraq ID: | 21365 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-6427 CVE-2006-6428 CVE-2006-6429 CVE-2006-6430 CVE-2006-6432 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 30 2006 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | These issues were disclosed by the vendor. |
| Vulnerable: |
Xerox WorkCentre Pro 275 Xerox WorkCentre Pro 265 Xerox WorkCentre Pro 255 Xerox WorkCentre Pro 245 Xerox WorkCentre Pro 238 Xerox WorkCentre Pro 232 Xerox WorkCentre 275 Xerox WorkCentre 265 Xerox WorkCentre 255 Xerox WorkCentre 245 Xerox WorkCentre 238 Xerox WorkCentre 232 |
| Not Vulnerable: | |
Discussion
Xerox WorkCentre and WorkCentre Pro Multiple Vulnerabilities
Xerox WorkCentre and WorkCentre Pro are prone to multiple vulnerabilities. The issues affect the ESS/Network controler firmware and the MicroServer Web Server application on the vulnerable devices.
Successful exploits may allow an attacker to gain unauthorized access to affected devices, make unauthorized changes to system configuration, and bypass security restrictions or anonymously retrieve secure files. Note that the attacker may not be able to obtain password or user information.
WorkCentre version 12.060.17.000, WorkCentre Pro version 13.060.17.000, and WorkCentre with PostScript option version 14.060.17.000 are vulnerable.
Xerox WorkCentre and WorkCentre Pro are prone to multiple vulnerabilities. The issues affect the ESS/Network controler firmware and the MicroServer Web Server application on the vulnerable devices.
Successful exploits may allow an attacker to gain unauthorized access to affected devices, make unauthorized changes to system configuration, and bypass security restrictions or anonymously retrieve secure files. Note that the attacker may not be able to obtain password or user information.
WorkCentre version 12.060.17.000, WorkCentre Pro version 13.060.17.000, and WorkCentre with PostScript option version 14.060.17.000 are vulnerable.
Exploit / POC
Xerox WorkCentre and WorkCentre Pro Multiple Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Xerox WorkCentre and WorkCentre Pro Multiple Vulnerabilities
Solution:
Xerox has released an advisory including fixes to address these issues. Please see the referenced advisory for more information.
Solution:
Xerox has released an advisory including fixes to address these issues. Please see the referenced advisory for more information.
References
Xerox WorkCentre and WorkCentre Pro Multiple Vulnerabilities
References:
References:
- Xerox Homepage (Xerox)
- XEROX SECURITY BULLETIN XRX06-006 (Xerox)