Xerox WorkCentre Web Services Extensible Interface Platform Unauthorized Access (XRX09-003)
Medium Nessus Plugin ID 40807
SynopsisThe remote multi-function device may allow unauthorized access.
DescriptionAccording to its model number and software version, the remote host is a Xerox WorkCentre device that could allow a remote attacker to obtain unauthorized access to device configuration settings, possibly exposing customer passwords.
Note that successful exploitation requires that SSL is not enabled for the web server component.
SolutionApply the P39 patch as described in the Xerox security bulletin referenced above.