Lucene search

[email protected]CVE-2006-6427

HistoryDec 10, 2006 - 11:28 a.m.

CVE-2006-6427

2006-12-1011:28:00

CWE-78

[email protected]

web.nvd.nist.gov

xerox

workcentre

remote command injection

cve-2006-6427

security vulnerability

nvd

tcp/ip

microsoft networking

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving “command injection” in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290.

CPENameOperatorVersion
xerox:workcentrexerox workcentreeq12.060.17.000
xerox:workcentrexerox workcentreeq13.060.17.000
xerox:workcentrexerox workcentreeq14.060.17.000

CPE	Name	Operator	Version
xerox:workcentre	xerox workcentre	eq	12.060.17.000
xerox:workcentre	xerox workcentre	eq	13.060.17.000
xerox:workcentre	xerox workcentre	eq	14.060.17.000

References

secunia.com/advisories/23265

securitytracker.com/id?1017337

www.securityfocus.com/bid/21365

www.vupen.com/english/advisories/2006/4791

www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf

www.xerox.com/downloads/usa/en/c/cert_XRX06_007_v1.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/30674

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

Related for CVE-2006-6427

nessus2 cve1