CVE-2006-5290

The ESS/Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname."

Referenced by CVEs: CVE-2006-6427
Score: 7.5
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Published: 2006-10-13 04:07:00.000-04
Last Modified: 2017-07-19 09:33:40.000-04

Vulnerable Software List

Vendor | Product | Versions
Xerox | Workcentre 275 | , ::pro
Xerox | Workcentre 232 | , ::pro
Xerox | Workcentre 265 | , ::pro
Xerox | Workcentre 255 | , ::pro
Xerox | Workcentre 245 | , ::pro
Xerox | Workcentre 238 | , ::pro

References

Source | Link
SECTRACK | 1016981
BID | 20334
VUPEN | ADV-2006-3921
CONFIRM | http://www.xerox.com/downloads/usa/en/c/cert_XRX06_005.pdf
XF | xerox-hostname-command-execution(29357)