7.5
CVE-2006-5290
- EPSS 3.35%
- Veröffentlicht 13.10.2006 20:07:00
- Zuletzt bearbeitet 16.06.2026 22:30:54
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Xerox ≫ Workcentre 232 Editionpro
Xerox ≫ Workcentre 238 Editionpro
Xerox ≫ Workcentre 245 Editionpro
Xerox ≫ Workcentre 255 Editionpro
Xerox ≫ Workcentre 265 Editionpro
Xerox ≫ Workcentre 275 Editionpro
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.35% | 0.871 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://secunia.com/advisories/22252
http://securitytracker.com/id?1016981
http://www.securityfocus.com/bid/20334/info
http://www.vupen.com/english/advisories/2006/3921
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_005.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29357