7.5

CVE-2006-5290

EPSS 1.58%
Veröffentlicht 13.10.2006 20:07:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xerox ≫ Workcentre 232

Xerox ≫ Workcentre 232 Editionpro

Xerox ≫ Workcentre 238

Xerox ≫ Workcentre 238 Editionpro

Xerox ≫ Workcentre 245

Xerox ≫ Workcentre 245 Editionpro

Xerox ≫ Workcentre 255

Xerox ≫ Workcentre 255 Editionpro

Xerox ≫ Workcentre 265

Xerox ≫ Workcentre 265 Editionpro

Xerox ≫ Workcentre 275

Xerox ≫ Workcentre 275 Editionpro

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.58%	0.808

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/22252

Patch

Vendor Advisory

http://securitytracker.com/id?1016981

http://www.securityfocus.com/bid/20334/info

Patch

http://www.vupen.com/english/advisories/2006/3921

http://www.xerox.com/downloads/usa/en/c/cert_XRX06_005.pdf

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/29357

https://nvd.nist.gov/vuln/detail/CVE-2006-5290

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-5290

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-5290

EUVD