CVE-2006-6427
Xerox WorkCentre and WorkCentre Pro - Remote Code Execution via TCP/IP Hostname or Scan-to-Mailbox Folder Name
The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290.
References (7)
Patch x_refsource_confirm
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf
Various Sources x_refsource_confirm
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_007_v1.pdf
Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017337
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30674
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23265
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21365
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4791
Scores
EPSS: 0.0284
EPSS Percentile: 84.9%
Details
CWE: CWE-78
Status: published
Products (3)
xerox/workcentre 12.060.17.000 (2 CPE variants)
xerox/workcentre 13.060.17.000 (2 CPE variants)
xerox/workcentre 14.060.17.000 (2 CPE variants)
Published: Dec 10, 2006
Tracked Since: Feb 18, 2026