Xerox WorkCentre Command Injection (XRX11-001)

critical Nessus Plugin ID 51901

Synopsis

The remote multi-function device may allow arbitrary code execution.

Description

According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly allows an unauthenticated attacker to execute arbitrary code via specially crafted HTTP requests.

Solution

Apply the P45 patch as described in the Xerox security bulletin.

See Also

https://www.xerox.com/downloads/usa/en/c/cert_XRX11-001_v1.0.pdf

Plugin Details

Severity: Critical

ID: 51901

File Name: xerox_xrx11_001.nasl

Version: 1.8

Type: remote

Family: Misc.

Published: 2/8/2011

Updated: 11/15/2018

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/h:xerox:workcentre

Required KB Items: www/xerox_workcentre, www/xerox_workcentre/model, www/xerox_workcentre/ess

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/4/2011

Vulnerability Publication Date: 2/4/2011

Reference Information

BID: 46160