Vulnerability Description
The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xerox | Workcentre 232 | All versions |
| Xerox | Workcentre 238 | All versions |
| Xerox | Workcentre 245 | All versions |
| Xerox | Workcentre 255 | All versions |
| Xerox | Workcentre 265 | All versions |
| Xerox | Workcentre 275 | All versions |
References
- http://secunia.com/advisories/22252PatchVendor Advisory
- http://securitytracker.com/id?1016981
- http://www.securityfocus.com/bid/20334/infoPatch
- http://www.vupen.com/english/advisories/2006/3921
- http://www.xerox.com/downloads/usa/en/c/cert_XRX06_005.pdfPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29357
- http://secunia.com/advisories/22252PatchVendor Advisory
- http://securitytracker.com/id?1016981
- http://www.securityfocus.com/bid/20334/infoPatch
- http://www.vupen.com/english/advisories/2006/3921
- http://www.xerox.com/downloads/usa/en/c/cert_XRX06_005.pdfPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29357
FAQ
What is CVE-2006-5290?
CVE-2006-5290 is a vulnerability with a CVSS score of 7.5 (HIGH). The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arb...
How severe is CVE-2006-5290?
CVE-2006-5290 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5290?
Check the references section above for vendor advisories and patch information. Affected products include: Xerox Workcentre 232, Xerox Workcentre 238, Xerox Workcentre 245, Xerox Workcentre 255, Xerox Workcentre 265.