Vulnerability CVE-2006-0825 - CERT Civis.Net

Vulnerability Name:

CVE-2006-0825 (CCN-24804)

Assigned:

2006-02-20

Published:

2006-02-20

Updated:

2017-07-20

Summary:

Multiple unspecified vulnerabilities in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allow remote attackers to bypass authentication or gain "unauthorized network access" via unknown attack vectors.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2006-0825

Source: MITRE
Type: CNA
CVE-2006-0828

Source: CCN
Type: SA18952
Xerox ESS/ Network Controller and MicroServer Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
18952

Source: CCN
Type: SECTRACK ID: 1015648
Xerox WorkCentre Multiple Bugs in ESS/Network Controller and MicroServer Web Server Permit Remote Access, Denial of Service, and Cross-Site Scripting Attacks

Source: SECTRACK
Type: UNKNOWN
1015648

Source: OSVDB
Type: UNKNOWN
23359

Source: CCN
Type: OSVDB ID: 23356
XEROX WorkCentre Unspecified Authentication Bypass

Source: CCN
Type: OSVDB ID: 23359
XEROX WorkCentre Unspecified Security Feature Bypass

Source: BID
Type: UNKNOWN
16726

Source: CCN
Type: BID-16726
Xerox WorkCentre Products Local Authentication Bypass Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-0668

Source: CCN
Type: Xerox Security Bulletin XRX06-001
Vulnerabilities in the ESS/Network Controller and MicroServer Web Server could potentially permit unauthorized access

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_001.pdf

Source: XF
Type: UNKNOWN
xerox-workcentre-auth-bypass(24804)

Source: XF
Type: UNKNOWN
xerox-workcentre-auth-bypass(24804)

Vulnerable Configuration:

Configuration 1:

cpe:/h:xerox:workcentre_232:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_232:*:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_238:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_238:*:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_245:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_245:*:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_255:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_255:*:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_265:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_265:*:*:pro:*:*:*:*:*

OR cpe:/h:xerox:workcentre_275:*:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_275:*:*:pro:*:*:*:*:*

Configuration CCN 1:

cpe:/h:xerox:workcentre_pro:232:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_pro:238:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_pro:245:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_pro:255:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_pro:265:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre_pro:275:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre:232:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre:238:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre:245:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre:255:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre:265:*:*:*:*:*:*:*

OR cpe:/h:xerox:workcentre:275:*:*:*:*:*:*:*

Denotes that component is vulnerable