Xerox MicroServer Web Server unauthenticated default account security bypass
| xerox-webserver-security-bypass (19602) |  High Risk |
Description:
Xerox MicroServer Web Server could allow a remote attacker to bypass security restrictions and gain unauthorized access to the device, caused by an unauthenticated default account in the MicroServer Web Server code. An attacker could exploit this vulnerability to make changes to the system configuration.
Note: Products affected by this vulnerability include the WorkCentre M and WorkCenter Pro.
Consequences:
Bypass Security
Remedy:
Apply the patch for this vulnerability, as listed in XEROX Security Bulletin XRX05-005. See References.
References:
- Xerox Office Customer Support Web page: Xerox Office Customer Support.
- XEROX Security Bulletin XRX05-005: Multiple vulnerabilities in the Xerox MicroServer Web Server could potentially permit unauthorized access. .
- BID-12731: Xerox Microserver Web Server Unspecified Remote Authorization Bypass Vulnerability
- BID-13198: Xerox MicroServer Web Server Default Account Authentication Bypass Vulnerability
- CVE-2005-0703: Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an unauthenticated account
- SA14507: Xerox MicroServer Web Server Multiple Vulnerabilities
Platforms Affected:
- Cisco Wireless LAN Controller 3.2
- Xerox WorkCentre M165 6.47.30.000
- Xerox WorkCentre M165 8.47.30.000
- Xerox WorkCentre M165 8.47.33.008
- Xerox WorkCentre M165
- Xerox WorkCentre M175 6.47.30.000
- Xerox WorkCentre M175 6.47.33.008
- Xerox WorkCentre M175 8.47.30.000
- Xerox WorkCentre M175 8.47.33.008
- Xerox WorkCentre M175
- Xerox WorkCentre M35 2.28.11.000
- Xerox WorkCentre M35 2.97.20.032
- Xerox WorkCentre M35 4.84.16.000
- Xerox WorkCentre M35
- Xerox WorkCentre M45 2.28.11.000
- Xerox WorkCentre M45 2.97.20.032
- Xerox WorkCentre M45 4.84.16.000
- Xerox WorkCentre M45
- Xerox WorkCentre M55 2.28.11.000
- Xerox WorkCentre M55 2.97.20.032
- Xerox WorkCentre M55 4.84.16.000
- Xerox WorkCentre M55
- Xerox WorkCentre Pro 165 7.47.30.000
- Xerox WorkCentre Pro 165 7.47.33.008
- Xerox WorkCentre Pro 165
- Xerox WorkCentre Pro 175 7.47.30.000
- Xerox WorkCentre Pro 175 7.47.33.008
- Xerox WorkCentre Pro 175
- Xerox WorkCentre Pro 32 0.001.00.060
- Xerox WorkCentre Pro 32 0.001.02.081
- Xerox WorkCentre Pro 32 Color
- Xerox WorkCentre Pro 35 3.028.11.000
- Xerox WorkCentre Pro 35 3.97.20.032
- Xerox WorkCentre Pro 35
- Xerox WorkCentre Pro 40 0.001.00.060
- Xerox WorkCentre Pro 40 0.001.02.081
- Xerox WorkCentre Pro 40 Color
- Xerox WorkCentre Pro 45 3.028.11.000
- Xerox WorkCentre Pro 45 3.97.20.032
- Xerox WorkCentre Pro 45
- Xerox WorkCentre Pro 55 3.028.11.000
- Xerox WorkCentre Pro 55 3.97.20.032
- Xerox WorkCentre Pro 55
- Xerox WorkCentre Pro 65 1.001.00.060
- Xerox WorkCentre Pro 65 1.001.02.084
- Xerox WorkCentre Pro 65
- Xerox WorkCentre Pro 75 1.001.00.060
- Xerox WorkCentre Pro 75 1.001.02.084
- Xerox WorkCentre Pro 75
- Xerox WorkCentre Pro 90 1.001.00.060
- Xerox WorkCentre Pro 90 1.001.02.084
- Xerox WorkCentre Pro 90
- Xerox WorkCentre Pro Color 2128 0.001.04.044
- Xerox WorkCentre Pro Color 2128
- Xerox WorkCentre Pro Color 2636 0.001.04.044
- Xerox WorkCentre Pro Color 2636
- Xerox WorkCentre Pro Color 3545 0.001.04.044
- Xerox WorkCentre Pro Color 3545
Reported:
Mar 07, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net