CVE-2006-6427

Sažetak

The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290.

Reference

http://secunia.com/advisories/23265
http://securitytracker.com/id?1017337
http://www.securityfocus.com/bid/21365
http://www.vupen.com/english/advisories/2006/4791
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_007_v1.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30674

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-07-2017 - 01:29

Objavljeno

10-12-2006 - 11:28