CVE-2006-6467

Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not properly restrict access to SMB file resources, which allows remote attackers to gain unspecified file or directory access via vectors related to (1) visibility of the SMB "Homes" share and (2) SMB file system browsing.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 6.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/23265	Patch Vendor Advisory
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:xerox:workcentre::::::::
	cpe:2.3:h:xerox:workcentre:::pro:::::*
	cpe:2.3:h:xerox:workcentre::::::::
	cpe:2.3:h:xerox:workcentre:::pro:::::*

History

No history.

Information

Published : 2006-12-11 18:28

Updated : 2023-12-10 10:40

NVD link : CVE-2006-6467

Mitre link : CVE-2006-6467

CVE.ORG link : CVE-2006-6467

JSON object : View

Products Affected

xerox

workcentre

CWE

NVD-CWE-Other

{"id": "CVE-2006-6467", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-12-11T18:28:00.000", "references": [{"url": "http://secunia.com/advisories/23265", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not properly restrict access to SMB file resources, which allows remote attackers to gain unspecified file or directory access via vectors related to (1) visibility of the SMB \"Homes\" share and (2) SMB file system browsing."}, {"lang": "es", "value": "Xerox WorkCentre y WorkCentre Pro en versiones anteriores a la 12.050.03.000, 13.x anterior a la 13.050.03.000, y 14.x anterior a la 14.050.03.000, no restringen adecuadamente el acceso a los ficheros fuente de SMB, lo cual permite a atacantes remotos la obtenci\u00f3n del acceso a ficheros y directorios no especificados, a trav\u00e9s de vectores relacionados con (1) visibilidad de las comparticiones SMB \"Homes\" y (2) el sistema de exploraci\u00f3n de ficheros SMB."}], "lastModified": "2008-09-05T21:14:49.003", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:workcentre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FC791FD-B20C-4428-82A0-0E8174B8AB03", "versionEndIncluding": "13.050.02.000"}, {"criteria": "cpe:2.3:h:xerox:workcentre:*:*:pro:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "628B8A80-E06B-4C8A-BC89-AAF760F28B89", "versionEndIncluding": "13.050.02.000"}, {"criteria": "cpe:2.3:h:xerox:workcentre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9562CF49-A540-4EA5-9120-B7DC007ED78C", "versionEndIncluding": "14.050.02.000"}, {"criteria": "cpe:2.3:h:xerox:workcentre:*:*:pro:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F7027CD-45A4-4759-AAA4-6B069DD2ED38", "versionEndIncluding": "14.050.02.000"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}