Vulnerability CVE-2006-2113


Published: 2006-08-24   Modified: 2012-02-12

Description:
The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Fuji xerox -> Docuprint c830 network option card 
Fuji xerox -> Fuji xerox printing systems print engine 
Fuji xerox -> Phaser 6201j 
Fuji xerox -> Docuprint 181 
Fuji xerox -> Docuprint 181 network option card 
Fuji xerox -> Docuprint 211 
Fuji xerox -> Docuprint 211 network option card 
Fuji xerox -> Docuprint c1616 
Fuji xerox -> Docuprint c1616 network option card 
Fuji xerox -> Docuprint c2535a 
Fuji xerox -> Docuprint c525a 
Fuji xerox -> Docuprint c525a network option card 
Fuji xerox -> Docuprint c830 
DELL -> 3000cn 
DELL -> 3010cn 
DELL -> 3100cn 
DELL -> 3110cn 
DELL -> 5100cn 
DELL -> 5110cn 

 References:
http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
http://marc.info/?l=bugtraq&m=115652437223454&w=2
http://www.securityfocus.com/archive/1/444321/100/0/threaded
http://www.securityfocus.com/bid/19716
http://www.vupen.com/english/advisories/2006/3401

Copyright 2020, cxsecurity.com

 

Back to Top