| Vulnerability Name: | CVE-2010-0548 (CCN-55828) | ||||||||
| Assigned: | 2010-01-22 | ||||||||
| Published: | 2010-01-22 | ||||||||
| Updated: | 2010-02-05 | ||||||||
| Summary: | Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device configuration information via via unknown vectors that bypass web server authorization. | ||||||||
| CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2010-0548 Source: CCN Type: SA38139 Xerox WorkCentre Authentication Bypass Vulnerabilities Source: SECUNIA Type: Vendor Advisory 38139 Source: CCN Type: OSVDB ID: 61916 XEROX WorkCentre Multiple Products Scan to Mailbox Authentication Bypass Source: CCN Type: OSVDB ID: 61917 XEROX WorkCentre Multiple Products Web Server Unspecified Authentication Bypass Source: CCN Type: BID-37921 Xerox WorkCentre Multiple Authentication Bypass Vulnerabilities Source: VUPEN Type: Vendor Advisory ADV-2010-0209 Source: CCN Type: Xerox Security Bulletin XRX10-002 Software update to address Authorization Bypass Vulnerabilities Source: CONFIRM Type: Patch, Vendor Advisory http://www.xerox.com/downloads/usa/en/c/cert_XRX10-002_v1.0.pdf Source: XF Type: UNKNOWN workcentre-controller-server-unauth-access(55828) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||