Xerox WorkCentre Web Server Unspecified Command Injection (XRX09-001)

Critical Nessus Plugin ID 35566


The remote multi-function device is affected by a command injection vulnerability.


According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly has an as-yet unspecified command injection vulnerability in its web server. A remote attacker may be able to leverage this issue to execute arbitrary code via carefully crafted inputs on an affected web page.


Apply the P37 patch as described in the Xerox security bulletin referenced above.

Plugin Details

Severity: Critical

ID: 35566

File Name: xerox_xrx09_001.nasl

Version: $Revision: 1.10 $

Type: remote

Family: Misc.

Published: 2009/02/01

Modified: 2013/11/05

Dependencies: 18141

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/h:xerox:workcentre

Required KB Items: www/xerox_workcentre

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/01/30

Vulnerability Publication Date: 2009/01/30

Reference Information

BID: 33531

OSVDB: 53635