Vulnerability CVE-2006-2112


Published: 2006-08-24   Modified: 2012-02-12

Description:
Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Fuji xerox -> Docuprint c830 network option card 
Fuji xerox -> Fuji xerox printing systems print engine 
Fuji xerox -> Phaser 6201j 
Fuji xerox -> Docuprint 181 
Fuji xerox -> Docuprint 181 network option card 
Fuji xerox -> Docuprint 211 
Fuji xerox -> Docuprint 211 network option card 
Fuji xerox -> Docuprint c1616 
Fuji xerox -> Docuprint c1616 network option card 
Fuji xerox -> Docuprint c2535a 
Fuji xerox -> Docuprint c525a 
Fuji xerox -> Docuprint c525a network option card 
Fuji xerox -> Docuprint c830 
DELL -> 3000cn 
DELL -> 3010cn 
DELL -> 3100cn 
DELL -> 3110cn 
DELL -> 5100cn 
DELL -> 5110cn 

 References:
http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
http://marc.info/?l=bugtraq&m=115652437223454&w=2
http://www.securityfocus.com/archive/1/444321/100/0/threaded
http://www.securityfocus.com/bid/19711
http://www.vupen.com/english/advisories/2006/3401
https://exchange.xforce.ibmcloud.com/vulnerabilities/28637

Copyright 2020, cxsecurity.com

 

Back to Top