| Vulnerability Name: | CVE-2006-6467 (CCN-40183) | ||||||||
| Assigned: | 2006-11-30 | ||||||||
| Published: | 2006-11-30 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not properly restrict access to SMB file resources, which allows remote attackers to gain unspecified file or directory access via vectors related to (1) visibility of the SMB "Homes" share and (2) SMB file system browsing. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P) 4.3 Medium (Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-6467 Source: CCN Type: SA23265 XEROX WorkCentre Products Multiple Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory 23265 Source: CCN Type: OSVDB ID: 31821 XEROX WorkCentre Products SMB Homes Share Disclosure Source: CCN Type: OSVDB ID: 31822 XEROX WorkCentre Products Unspecified SMB File System Browsing Source: CCN Type: XEROX SECURITY BULLETIN XRX06-004 Cumulative update to address multiple security vulnerabilities Source: CONFIRM Type: Vendor Advisory http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf Source: XF Type: UNKNOWN workcentre-smb-security-bypass(40183) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||