Lucene search

[email protected]CVE-2006-6435

HistoryDec 10, 2006 - 11:28 a.m.

CVE-2006-6435

2006-12-1011:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

snmp

xerox

workcentre

workcentre pro

cve-2006-6435

nvd

authentication failure

traps

remote attackers

system access

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.4%

JSON

The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 does not generate authentication failure traps, which allows remote attackers to more easily gain system access and obtain sensitive information via a brute force attack.

CPENameOperatorVersion
xerox:workcentrexerox workcentreeq12.060.17.000
xerox:workcentrexerox workcentreeq13.060.17.000
xerox:workcentrexerox workcentreeq14.060.17.000

CPE	Name	Operator	Version
xerox:workcentre	xerox workcentre	eq	12.060.17.000
xerox:workcentre	xerox workcentre	eq	13.060.17.000
xerox:workcentre	xerox workcentre	eq	14.060.17.000

References

secunia.com/advisories/23265

www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.4%

JSON

Related for CVE-2006-6435

cvelist1