Xerox WorkCentre Web Server Unspecified Command Injection (XRX09-002)

Critical - Nessus Plugin ID 38790

Synopsis

The remote multi-function device is affected by a command injection vulnerability.

Description

According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly has an as-yet unspecified command injection vulnerability in its web server. A remote attacker may be able to leverage this issue to execute arbitrary code via carefully crafted inputs on an affected web page.

Solution

Apply the P38 patch as described in the Xerox security bulletin referenced in the included URL.

See Also

https://www.xerox.com/downloads/usa/en/c/cert_XRX09-02_v1.0.pdf

Plugin Details

Severity: Critical

ID: 38790

File Name: xerox_xrx09_002.nasl

Version: 1.13

Type: remote

Family: Misc.

Published: 5/15/2009

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/h:xerox:workcentre

Required KB Items: www/xerox_workcentre

Exploit Ease: No known exploits are available

Patch Publication Date: 5/15/2009

Vulnerability Publication Date: 5/15/2009

Reference Information

CVE: CVE-2009-1656

BID: 34984

Secunia: 35101