Vulnerability CVE-2005-0703 - CERT Civis.Net

Vulnerability Name:

CVE-2005-0703 (CCN-19602)

Assigned:

2005-03-07

Published:

2005-03-07

Updated:

2008-09-05

Summary:

Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: XEROX Security Bulletin XRX05-005
Multiple vulnerabilities in the Xerox MicroServer Web Server could potentially permit unauthorized access.

Source: MITRE
Type: CNA
CVE-2005-0703

Source: CCN
Type: SA14507
Xerox MicroServer Web Server Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
14507

Source: CCN
Type: Xerox Office Customer Support Web page
Xerox Office Customer Support

Source: CCN
Type: OSVDB ID: 14579
XEROX WorkCentre MicroServer Web Server Unspecified Restriction Bypass

Source: CCN
Type: BID-12731
Xerox Microserver Web Server Unspecified Remote Authorization Bypass Vulnerability

Source: CCN
Type: BID-13198
Xerox MicroServer Web Server Default Account Authentication Bypass Vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.xerox.com/downloads/usa/en/c/cert_XRX05_005.pdf

Source: XF
Type: UNKNOWN
xerox-webserver-security-bypass(19602)

Vulnerable Configuration:

Configuration 1:

cpe:/h:xerox:workcentre_165:*:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_165:7.47.30.000:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_165:7.47.33.008:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_175:*:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_175:7.47.30.000:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_175:7.47.33.008:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_2128:*:*:pro_color:*:*:*:*:*

OR cpe:/h:xerox:workcentre_2128:0.001.04.044:*:pro_color:*:*:*:*:*

OR cpe:/h:xerox:workcentre_2636:*:*:pro_color:*:*:*:*:*

OR cpe:/h:xerox:workcentre_2636:0.001.04.044:*:pro_color:*:*:*:*:*

OR cpe:/h:xerox:workcentre_32_color:*:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_32_color:0.001.00.060:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_32_color:0.001.02.081:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_35:*:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_35:3.028.11.000:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_35:3.97.20.032:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_3545:*:*:pro_color:*:*:*:*:*

OR cpe:/h:xerox:workcentre_3545:0.001.04.044:*:pro_color:*:*:*:*:*

OR cpe:/h:xerox:workcentre_40_color:*:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_40_color:0.001.00.060:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_40_color:0.001.02.081:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_45:*:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_45:3.028.11.000:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_45:3.97.20.032:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_55:*:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_55:3.028.11.000:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_55:3.97.20.032:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_65:*:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_65:1.001.00.060:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_65:1.001.02.084:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_75:*:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_75:1.001.00.060:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_75:1.001.02.084:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_90:*:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_90:1.001.00.060:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_90:1.001.02.084:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m165:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m165:6.47.30.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m165:6.47.33.008:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m165:8.47.30.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m165:8.47.33.008:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m175:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m175:6.47.30.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m175:6.47.33.008:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m175:8.47.30.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m175:8.47.33.008:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m35:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m35:2.28.11.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m35:2.97.20.032:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m35:4.84.16.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m45:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m45:2.28.11.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m45:2.97.20.032:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m45:4.84.16.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m55:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m55:2.28.11.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m55:2.97.20.032:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m55:4.84.16.000:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/h:xerox:workcentre_m165:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m165:6.47.30.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m165:8.47.30.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m165:8.47.33.008:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m175:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m175:6.47.30.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m175:6.47.33.008:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m175:8.47.30.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m175:8.47.33.008:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m35:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m35:2.28.11.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m35:2.97.20.032:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m35:4.84.16.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m45:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m45:2.28.11.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m45:2.97.20.032:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m45:4.84.16.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m55:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m55:2.28.11.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m55:2.97.20.032:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_m55:4.84.16.000:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_pro_90:-:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_pro_75:-:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_pro_65:-:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_pro_55:-:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_pro_35:-:*:*:*:*:*:*:*

Denotes that component is vulnerable