CVE-2006-6427

Xerox WorkCentre and WorkCentre Pro - Remote Code Execution via TCP/IP Hostname or Scan-to-Mailbox Folder Name


Description

The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290.

References (7)

Core References
Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017337
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30674
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23265
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21365
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4791

Scores

EPSS 0.0284
EPSS Percentile 84.9%

Details

CWE
CWE-78
Status published
Products (3)
xerox/workcentre 12.060.17.000 (2 CPE variants)
xerox/workcentre 13.060.17.000 (2 CPE variants)
xerox/workcentre 14.060.17.000 (2 CPE variants)
Published Dec 10, 2006
Tracked Since Feb 18, 2026