Fuji Xerox Printing Systems (FXPS) Print Engine Crafted Request HTTP Authentication Bypass

medium Nessus Plugin ID 22272

Synopsis

The remote web server is affected by an authentication bypass issue.

Description

The remote host appears to be a Fuji Xerox Printing Systems (FXPS) printer.

According to its firmware version, the web server component of the FXPS device reportedly fails to authenticate HTTP requests, which could allow a remote attacker to gain administrative control of the affected printer and make unauthorized changes to it, including denying service to legitimate users.

Solution

Apply the appropriate patch as referenced in the advisory.

See Also

http://www.nessus.org/u?3f115f81

https://www.securityfocus.com/archive/1/444321/30/0/threaded

Plugin Details

Severity: Medium

ID: 22272

File Name: fxps_http_auth_bypass.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 8/29/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/24/2006

Reference Information

CVE: CVE-2006-2113

BID: 19716