ByteOS Network

Source-cve@mitre.org

Published At-25 Aug, 2006 | 01:04

Updated At-03 Apr, 2025 | 01:03

The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.4	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:P

Type: Primary

Version: 2.0

Base score: 6.4

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:P/A:P

CPE Matches

Dell Inc.

>>3000cn>>*

cpe:2.3:h:dell:3000cn:*:*:*:*:*:*:*:*

Dell Inc.

>>3010cn>>*

cpe:2.3:h:dell:3010cn:*:*:*:*:*:*:*:*

Dell Inc.

>>3100cn>>*

cpe:2.3:h:dell:3100cn:*:*:*:*:*:*:*:*

Dell Inc.

>>3110cn>>*

cpe:2.3:h:dell:3110cn:*:*:*:*:*:*:*:*

Dell Inc.

>>5100cn>>*

cpe:2.3:h:dell:5100cn:*:*:*:*:*:*:*:*

Dell Inc.

>>5110cn>>*

cpe:2.3:h:dell:5110cn:*:*:*:*:*:*:*:*

fuji_xerox>>docuprint_181>>*

cpe:2.3:h:fuji_xerox:docuprint_181:*:*:*:*:*:*:*:*

fuji_xerox>>docuprint_181_network_option_card>>*

cpe:2.3:h:fuji_xerox:docuprint_181_network_option_card:*:*:*:*:*:*:*:*

fuji_xerox>>docuprint_211>>*

cpe:2.3:h:fuji_xerox:docuprint_211:*:*:*:*:*:*:*:*

fuji_xerox>>docuprint_211_network_option_card>>*

cpe:2.3:h:fuji_xerox:docuprint_211_network_option_card:*:*:*:*:*:*:*:*

fuji_xerox>>docuprint_c1616>>*

cpe:2.3:h:fuji_xerox:docuprint_c1616:*:*:*:*:*:*:*:*

fuji_xerox>>docuprint_c1616_network_option_card>>*

cpe:2.3:h:fuji_xerox:docuprint_c1616_network_option_card:*:*:*:*:*:*:*:*

fuji_xerox>>docuprint_c2535a>>*

cpe:2.3:h:fuji_xerox:docuprint_c2535a:*:*:*:*:*:*:*:*

fuji_xerox>>docuprint_c525a>>*

cpe:2.3:h:fuji_xerox:docuprint_c525a:*:*:*:*:*:*:*:*

fuji_xerox>>docuprint_c525a_network_option_card>>*

cpe:2.3:h:fuji_xerox:docuprint_c525a_network_option_card:*:*:*:*:*:*:*:*

fuji_xerox>>docuprint_c830>>*

cpe:2.3:h:fuji_xerox:docuprint_c830:*:*:*:*:*:*:*:*

fuji_xerox>>docuprint_c830_network_option_card>>*

cpe:2.3:h:fuji_xerox:docuprint_c830_network_option_card:*:*:*:*:*:*:*:*

fuji_xerox>>fuji_xerox_printing_systems_print_engine>>*

cpe:2.3:h:fuji_xerox:fuji_xerox_printing_systems_print_engine:*:*:*:*:*:*:*:*

fuji_xerox>>phaser_6201j>>*

cpe:2.3:h:fuji_xerox:phaser_6201j:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-287	Primary	nvd@nist.gov

CWE ID: CWE-287

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities	cve@mitre.org	Patch
http://marc.info/?l=bugtraq&m=115652437223454&w=2	cve@mitre.org	N/A
http://secunia.com/advisories/21630	cve@mitre.org	N/A
http://secunia.com/advisories/22463	cve@mitre.org	Vendor Advisory
http://www.osvdb.org/28250	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/444321/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/19716	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2006/3401	cve@mitre.org	Vendor Advisory
http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	Patch
http://marc.info/?l=bugtraq&m=115652437223454&w=2	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/21630	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/22463	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.osvdb.org/28250	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/444321/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/19716	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2006/3401	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory