| Vulnerability Name: | CVE-2006-6435 (CCN-40177) | ||||||||
| Assigned: | 2006-11-30 | ||||||||
| Published: | 2006-11-30 | ||||||||
| Updated: | 2008-09-10 | ||||||||
| Summary: | The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 does not generate authentication failure traps, which allows remote attackers to more easily gain system access and obtain sensitive information via a brute force attack. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Other | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-6435 Source: CCN Type: SA23265 XEROX WorkCentre Products Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 23265 Source: CCN Type: OSVDB ID: 31829 XEROX WorkCentre Products SNMP Authentication Trap Failure Source: CCN Type: XEROX SECURITY BULLETIN XRX06-004 Cumulative update to address multiple security vulnerabilities Source: CONFIRM Type: Patch http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf Source: XF Type: UNKNOWN workcentre-snmp-weak-security(40177) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||