Xerox WorkCentre Web Server Unspecified Command Injection (XRX09-002)

Critical Nessus Plugin ID 38790


The remote multi-function device is affected by a command injection vulnerability.


According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly has an as-yet unspecified command injection vulnerability in its web server. A remote attacker may be able to leverage this issue to execute arbitrary code via carefully crafted inputs on an affected web page.


Apply the P38 patch as described in the Xerox security bulletin referenced in the included URL.

See Also

Plugin Details

Severity: Critical

ID: 38790

File Name: xerox_xrx09_002.nasl

Version: $Revision: 1.11 $

Type: remote

Family: Misc.

Published: 2009/05/15

Modified: 2017/08/16

Dependencies: 18141

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:ND/RC:C

Vulnerability Information

CPE: cpe:/h:xerox:workcentre

Required KB Items: www/xerox_workcentre

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/05/15

Vulnerability Publication Date: 2009/05/15

Reference Information

CVE: CVE-2009-1656

BID: 34984

OSVDB: 54457

Secunia: 35101