Xerox WorkCentre Extensible Interface Platform Unspecified Security Bypass (XRX08-006)

critical Nessus Plugin ID 33167

Synopsis

The remote multi-function device is affected by multiple issues.

Description

According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly contains an unspecified vulnerability affecting the Extensible Interface Platform feature in the product's Web Services. A remote attacker may be able to leverage this issue to make changes to the system configuration.

Solution

Apply the P34 patch as described in the Xerox security bulletin referenced under See Also.

See Also

https://www.xerox.com/downloads/usa/en/c/cert_XRX08_006.pdf

Plugin Details

Severity: Critical

ID: 33167

File Name: xerox_xrx08_006.nasl

Version: 1.17

Type: remote

Family: Misc.

Published: 6/13/2008

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/h:xerox:workcentre

Required KB Items: www/xerox_workcentre

Exploit Ease: No known exploits are available

Patch Publication Date: 6/12/2008

Vulnerability Publication Date: 6/12/2008

Reference Information

CVE: CVE-2008-2824

BID: 29691

CWE: 264

Secunia: 30670