CVE-2006-2113

The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities	Patch
http://marc.info/?l=bugtraq&m=115652437223454&w=2
http://secunia.com/advisories/21630
http://secunia.com/advisories/22463	Vendor Advisory
http://www.osvdb.org/28250
http://www.securityfocus.com/archive/1/444321/100/0/threaded
http://www.securityfocus.com/bid/19716
http://www.vupen.com/english/advisories/2006/3401	Vendor Advisory
http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities	Patch
http://marc.info/?l=bugtraq&m=115652437223454&w=2
http://secunia.com/advisories/21630
http://secunia.com/advisories/22463	Vendor Advisory
http://www.osvdb.org/28250
http://www.securityfocus.com/archive/1/444321/100/0/threaded
http://www.securityfocus.com/bid/19716
http://www.vupen.com/english/advisories/2006/3401	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:dell:3000cn::::::::
	cpe:2.3:h:dell:3010cn::::::::
	cpe:2.3:h:dell:3100cn::::::::
	cpe:2.3:h:dell:3110cn::::::::
	cpe:2.3:h:dell:5100cn::::::::
	cpe:2.3:h:dell:5110cn::::::::
	cpe:2.3:h:fuji_xerox:docuprint_181::::::::
	cpe:2.3:h:fuji_xerox:docuprint_181_network_option_card::::::::
	cpe:2.3:h:fuji_xerox:docuprint_211::::::::
	cpe:2.3:h:fuji_xerox:docuprint_211_network_option_card::::::::
	cpe:2.3:h:fuji_xerox:docuprint_c1616::::::::
	cpe:2.3:h:fuji_xerox:docuprint_c1616_network_option_card::::::::
	cpe:2.3:h:fuji_xerox:docuprint_c2535a::::::::
	cpe:2.3:h:fuji_xerox:docuprint_c525a::::::::
	cpe:2.3:h:fuji_xerox:docuprint_c525a_network_option_card::::::::
	cpe:2.3:h:fuji_xerox:docuprint_c830::::::::
	cpe:2.3:h:fuji_xerox:docuprint_c830_network_option_card::::::::
	cpe:2.3:h:fuji_xerox:fuji_xerox_printing_systems_print_engine::::::::
	cpe:2.3:h:fuji_xerox:phaser_6201j::::::::

History

21 Nov 2024, 00:10

Type	Values Removed	Values Added
References	~~() http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities - Patch~~	() http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities - Patch
References	~~() http://marc.info/?l=bugtraq&m=115652437223454&w=2 -~~	() http://marc.info/?l=bugtraq&m=115652437223454&w=2 -
References	~~() http://secunia.com/advisories/21630 -~~	() http://secunia.com/advisories/21630 -
References	~~() http://secunia.com/advisories/22463 - Vendor Advisory~~	() http://secunia.com/advisories/22463 - Vendor Advisory
References	~~() http://www.osvdb.org/28250 -~~	() http://www.osvdb.org/28250 -
References	~~() http://www.securityfocus.com/archive/1/444321/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/444321/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/19716 -~~	() http://www.securityfocus.com/bid/19716 -
References	~~() http://www.vupen.com/english/advisories/2006/3401 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2006/3401 - Vendor Advisory

Information

Published : 2006-08-25 01:04

Updated : 2024-11-21 00:10

NVD link : CVE-2006-2113

Mitre link : CVE-2006-2113

CVE.ORG link : CVE-2006-2113

JSON object : View

Products Affected

dell

3110cn
5110cn
3000cn
3010cn
5100cn
3100cn

fuji_xerox

docuprint_211_network_option_card
docuprint_181_network_option_card
docuprint_c830_network_option_card
phaser_6201j
docuprint_c1616
docuprint_211
docuprint_c2535a
docuprint_c830
docuprint_c525a_network_option_card
fuji_xerox_printing_systems_print_engine
docuprint_181
docuprint_c1616_network_option_card
docuprint_c525a

CWE

CWE-287

Improper Authentication

{"id": "CVE-2006-2113", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-08-25T01:04:00.000", "references": [{"url": "http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=115652437223454&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21630", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/22463", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/28250", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/444321/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/19716", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3401", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=115652437223454&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/21630", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/22463", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/28250", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/444321/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/19716", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/3401", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server."}, {"lang": "es", "value": "El servidor HTTP incrustado en el motor de impresi\u00f3n Fuji Xerox Printing Systems (FXPS), como se usa en productos incluyendo (1) Dell 3000cn hasta la versi\u00f3n 5110cn y (2) firmware Fuji Xerox DocuPrint en versiones anteriores a 20060628 y firmware Network Option Card en versiones anteriores a 5.13, no realiza correctamente autenticaci\u00f3n para peticiones HTTP, lo que permite a atacantes remotos modificar la configuraci\u00f3n del sistema a trav\u00e9s de peticiones manipuladas, incluyendo el cambio de la contrase\u00f1a de administrador o provocando una denegaci\u00f3n de servicio al servidor de impresi\u00f3n."}], "lastModified": "2024-11-21T00:10:35.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:3000cn:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "532844ED-5FC7-4E82-B952-329DF0633284"}, {"criteria": "cpe:2.3:h:dell:3010cn:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A989FB9D-2D1D-4E3B-931E-F07690973A42"}, {"criteria": "cpe:2.3:h:dell:3100cn:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22B029AC-DC1F-4E13-8920-B935400872BD"}, {"criteria": "cpe:2.3:h:dell:3110cn:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "540F4B27-245A-48BD-9256-D998C0A2BD42"}, {"criteria": "cpe:2.3:h:dell:5100cn:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A101A57-0EEF-4F38-A5D2-CBA609185183"}, {"criteria": "cpe:2.3:h:dell:5110cn:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60B111FC-9F91-40F1-99DB-06912966AC2F"}, {"criteria": "cpe:2.3:h:fuji_xerox:docuprint_181:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72A3031C-8F6A-4B4A-ABD0-D757BF273C1D"}, {"criteria": "cpe:2.3:h:fuji_xerox:docuprint_181_network_option_card:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45F323A9-A927-46CB-A5E3-CD15E19F5AB9"}, {"criteria": "cpe:2.3:h:fuji_xerox:docuprint_211:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0B77692-BC61-4DA1-B663-DB94523D7737"}, {"criteria": "cpe:2.3:h:fuji_xerox:docuprint_211_network_option_card:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F55AAD7-51CD-4E27-B371-054F8BA8D5F9"}, {"criteria": "cpe:2.3:h:fuji_xerox:docuprint_c1616:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "690C64B8-73C5-44D5-9175-74E3A95AA582"}, {"criteria": "cpe:2.3:h:fuji_xerox:docuprint_c1616_network_option_card:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C451049F-4F93-4E56-B6D0-F20E9E6EEA1C"}, {"criteria": "cpe:2.3:h:fuji_xerox:docuprint_c2535a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03B73A75-921E-4C95-8C23-CD948CB3272E"}, {"criteria": "cpe:2.3:h:fuji_xerox:docuprint_c525a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC4EA020-6728-4B85-9E62-E12394CD75E6"}, {"criteria": "cpe:2.3:h:fuji_xerox:docuprint_c525a_network_option_card:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DE72B32-B190-4AE0-AF83-C46E6F4B1EE0"}, {"criteria": "cpe:2.3:h:fuji_xerox:docuprint_c830:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EA7F17D-9E0A-447B-BCB6-A92EF808D8D9"}, {"criteria": "cpe:2.3:h:fuji_xerox:docuprint_c830_network_option_card:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A32B109E-96DB-47F4-BC71-CBA2A7BCF1BD"}, {"criteria": "cpe:2.3:h:fuji_xerox:fuji_xerox_printing_systems_print_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EADEBB9E-0656-440A-B21F-C6896F46E929"}, {"criteria": "cpe:2.3:h:fuji_xerox:phaser_6201j:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E682A0CD-C660-48AE-BC60-C50115FC2114"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

6.4 /10