7.5

CVE-2006-5290

EPSS 1.58%
Published 13.10.2006 20:07:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname."

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Xerox ≫ Workcentre 232

Xerox ≫ Workcentre 232 Editionpro

Xerox ≫ Workcentre 238

Xerox ≫ Workcentre 238 Editionpro

Xerox ≫ Workcentre 245

Xerox ≫ Workcentre 245 Editionpro

Xerox ≫ Workcentre 255

Xerox ≫ Workcentre 255 Editionpro

Xerox ≫ Workcentre 265

Xerox ≫ Workcentre 265 Editionpro

Xerox ≫ Workcentre 275

Xerox ≫ Workcentre 275 Editionpro

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.58%	0.808

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/22252

Patch

Vendor Advisory

http://securitytracker.com/id?1016981

http://www.securityfocus.com/bid/20334/info

Patch

http://www.vupen.com/english/advisories/2006/3921

http://www.xerox.com/downloads/usa/en/c/cert_XRX06_005.pdf

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/29357

https://nvd.nist.gov/vuln/detail/CVE-2006-5290

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-5290

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-5290

EUVD