Xerox WorkCentre Command Injection (XRX11-001)

Critical | Nessus Plugin ID 51901

Synopsis

The remote multi-function device may allow arbitrary code execution.

Description

According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly allows an unauthenticated attacker to execute arbitrary code via specially crafted HTTP requests.

Solution

Apply the P45 patch as described in the Xerox security bulletin.

See Also

https://www.xerox.com/downloads/usa/en/c/cert_XRX11-001_v1.0.pdf

Plugin Details

Severity: Critical

ID: 51901

File Name: xerox_xrx11_001.nasl

Version: 1.8

Type: remote

Family: Misc.

Published: 2/8/2011

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/h:xerox:workcentre

Required KB Items: www/xerox_workcentre, www/xerox_workcentre/model, www/xerox_workcentre/ess

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/4/2011

Vulnerability Publication Date: 2/4/2011

Reference Information

BID: 46160