CVE Vulnerabilities

CVE-2006-2113

Improper Authentication

Published: Aug 25, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
3000cn Dell * *
3010cn Dell * *
3100cn Dell * *
3110cn Dell * *
5100cn Dell * *
5110cn Dell * *
Docuprint_181 Fuji_xerox * *
Docuprint_181_network_option_card Fuji_xerox * *
Docuprint_211 Fuji_xerox * *
Docuprint_211_network_option_card Fuji_xerox * *
Docuprint_c1616 Fuji_xerox * *
Docuprint_c1616_network_option_card Fuji_xerox * *
Docuprint_c2535a Fuji_xerox * *
Docuprint_c525a Fuji_xerox * *
Docuprint_c525a_network_option_card Fuji_xerox * *
Docuprint_c830 Fuji_xerox * *
Docuprint_c830_network_option_card Fuji_xerox * *
Fuji_xerox_printing_systems_print_engine Fuji_xerox * *
Phaser_6201j Fuji_xerox * *

Potential Mitigations

References