CVE-2006-6427

Опубликовано: 10 дек. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290.

Ссылки

http://secunia.com/advisories/23265
Vendor Advisory
http://securitytracker.com/id?1017337
Vendor Advisory
http://www.securityfocus.com/bid/21365
http://www.vupen.com/english/advisories/2006/4791
Vendor Advisory
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf
Patch
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_007_v1.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30674
http://secunia.com/advisories/23265
Vendor Advisory
http://securitytracker.com/id?1017337
Vendor Advisory
http://www.securityfocus.com/bid/21365
http://www.vupen.com/english/advisories/2006/4791
Vendor Advisory
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf
Patch
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_007_v1.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30674

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:h:xerox:workcentre:12.060.17.000:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre:12.060.17.000:*:pro:*:*:*:*:*

cpe:2.3:h:xerox:workcentre:13.060.17.000:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre:13.060.17.000:*:pro:*:*:*:*:*

cpe:2.3:h:xerox:workcentre:14.060.17.000:*:*:*:*:*:*:*

cpe:2.3:h:xerox:workcentre:14.060.17.000:*:pro:*:*:*:*:*

EPSS

Процентиль: 90%

0.05433

Низкий

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-hx47-4cx5-c8pm

github

почти 4 года назад