Vulnerability CVE-2006-2112


Published: 2006-08-24   Modified: 2012-02-12

Description:
Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

Vendor: DELL
Product: 5110cn 
Product: 3000cn 
Product: 3100cn 
Product: 5100cn 
Product: 3010cn 
Product: 3110cn 
Vendor: Fuji xerox
Product: Fuji xerox printing systems print engine 
Product: Docuprint c2535a 
Product: Docuprint 181 network option card 
Product: Docuprint c525a network option card 
Product: Docuprint 211 network option card 
Product: Docuprint c830 network option card 
Product: Docuprint c1616 network option card 
Product: Docuprint 181 
Product: Phaser 6201j 
Product: Docuprint c525a 
Product: Docuprint 211 
Product: Docuprint c830 
Product: Docuprint c1616 

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
http://marc.info/?l=bugtraq&m=115652437223454&w=2
http://www.securityfocus.com/archive/1/444321/100/0/threaded
http://www.securityfocus.com/bid/19711
http://www.vupen.com/english/advisories/2006/3401
https://exchange.xforce.ibmcloud.com/vulnerabilities/28637

Copyright 2019, cxsecurity.com

 

Back to Top