A vulnerability, which was classified as critical, has been found in Xerox WorkCentre 12.060.17.000/13.060.17.000/14.060.17.000 (Printing Software). This issue affects an unknown part. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 does not generate authentication failure traps, which allows remote attackers to more easily gain system access and obtain sensitive information via a brute force attack.

The weakness was presented 12/10/2006 (Website). It is possible to read the advisory at xerox.com. The identification of this vulnerability is CVE-2006-6435 since 12/09/2006. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.

Upgrading to version 12.050.03.000 eliminates this vulnerability.

See 723, 724, 20624 and 33782 for similar entries.

Productinfo

Type

• Printing Software

Vendor

• Xerox

Name

• WorkCentre

Version

• 12.060.17.000
• 13.060.17.000
• 14.060.17.000

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion