Vulnerabilities > CVE-2006-6430 - Multiple vulnerability in Xerox WorkCentre and WorkCentre Pro

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

network

low complexity

xerox

nessus

NVD

Published: 2006-12-10

Updated: 2017-07-29

Summary

Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic.

Vulnerable Configurations

Part	Description	Count
Hardware	Xerox Xerox Workcentre 232 * Xerox Workcentre 238 * Xerox Workcentre 245 * Xerox Workcentre 255 * Xerox Workcentre 265 * Xerox Workcentre 275 *	12

Nessus

NASL family	Misc.
NASL id	XEROX_XRX06_006.NASL
description	According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly suffers from multiple issues such as command injection and information disclosure vulnerabilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	23751
published	2006-12-01
reporter	This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/23751
title	Xerox WorkCentre Multiple Vulnerabilities (XRX06-006)

Summary

Vulnerable Configurations

Nessus

References