Xerox WorkCentre Command Injection (XRX11-001)

Critical Nessus Plugin ID 51901


The remote multi-function device may allow arbitrary code execution.


According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly allows an unauthenticated attacker to execute arbitrary code via specially crafted HTTP requests.


Apply the P45 patch as described in the Xerox security bulletin.

Plugin Details

Severity: Critical

ID: 51901

File Name: xerox_xrx11_001.nasl

Version: $Revision: 1.5 $

Type: remote

Family: Misc.

Published: 2011/02/08

Modified: 2013/11/05

Dependencies: 18141

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/h:xerox:workcentre

Required KB Items: www/xerox_workcentre, www/xerox_workcentre/model, www/xerox_workcentre/ess

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/02/04

Vulnerability Publication Date: 2011/02/04

Reference Information

BID: 46160

OSVDB: 70807