Vulnerability CVE-2006-2113


Published: 2006-08-24   Modified: 2012-02-12

Description:
The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server.

Type:

CWE-287

(Improper Authentication)

Vendor: DELL
Product: 5110cn 
Product: 3000cn 
Product: 3100cn 
Product: 5100cn 
Product: 3010cn 
Product: 3110cn 
Vendor: Fuji xerox
Product: Fuji xerox printing systems print engine 
Product: Docuprint c2535a 
Product: Docuprint 181 network option card 
Product: Docuprint c525a network option card 
Product: Docuprint 211 network option card 
Product: Docuprint c830 network option card 
Product: Docuprint c1616 network option card 
Product: Docuprint 181 
Product: Phaser 6201j 
Product: Docuprint c525a 
Product: Docuprint 211 
Product: Docuprint c830 
Product: Docuprint c1616 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial

 References:
http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
http://marc.info/?l=bugtraq&m=115652437223454&w=2
http://www.securityfocus.com/archive/1/444321/100/0/threaded
http://www.securityfocus.com/bid/19716
http://www.vupen.com/english/advisories/2006/3401

Copyright 2019, cxsecurity.com

 

Back to Top