Xerox Document Centre Web Server Unspecified Unauthorized Access (XRX05-003)

high Nessus Plugin ID 18258

Synopsis

The remote web server is affected by an unauthorized access vulnerability.

Description

According to its model number and software version, the remote host is a Xerox Document Centre or WorkCentre device with an embedded web server that could allow unauthorized access to the web server directory structure, which in turn could enable a remote attacker to gain access rights and to make unauthorized changes to the device's system configuration.

Solution

Apply the P16 or P21 patches as described in the Xerox bulletins.

See Also

https://www.xerox.com/downloads/usa/en/c/cert_XRX05_003.pdf

https://www.xerox.com/downloads/usa/en/c/CERT_Xerox_Security_XRX04-09.pdf

Plugin Details

Severity: High

ID: 18258

File Name: xerox_xrx05_003.nasl

Version: 1.20

Type: remote

Family: Misc.

Published: 5/14/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/h:xerox:document_centre, cpe:/h:xerox:workcentre

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/7/2005

Reference Information

CVE: CVE-2005-1936

BID: 12783