Xerox WorkCentre SNMP authentication bypass
| xerox-workcentre-snmp-auth-bypass (20192) |  Medium Risk |
Description:
Xerox MicroServer Web Server could allow a remote attacker to bypass security restrictions and gain unauthorized access to the device, caused by an unspecified vulnerability in MicroServer Web Server SNMP authentication. An attacker could exploit this vulnerability to make changes to the system configuration.
Note: Products affected by this vulnerability include the WorkCentre M and WorkCentre Pro.
Consequences:
Bypass Security
Remedy:
Apply the P21_WebUI Patch_AllWCP, as listed in XEROX Security Bulletin XRX05-005. See References.
References:
- XEROX Security Bulletin XRX05-005: Multiple vulnerabilities in the Xerox MicroServer Web Server could potentially permit unauthorized access. .
- BID-13196: Xerox MicroServer Unspecified SNMP Authentication Bypass Vulnerability
- CVE-2005-1179: Unknown vulnerability in Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, related to SNMP authentication, allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-0703.
- SA14507: Xerox MicroServer Web Server Multiple Vulnerabilities
Platforms Affected:
- Xerox WorkCentre 32 Color 01.00.060
- Xerox WorkCentre 32 Color 01.02.053.1
- Xerox WorkCentre 32 Color 01.02.058.4
- Xerox WorkCentre 32 Color 01.02.077.1
- Xerox WorkCentre 32 Color 1.2.81
- Xerox WorkCentre 40 Color 01.00.060
- Xerox WorkCentre 40 Color 01.02.053.1
- Xerox WorkCentre 40 Color 01.02.058.4
- Xerox WorkCentre 40 Color 01.02.077.1
- Xerox WorkCentre 40 Color 01.02.65.1
- Xerox WorkCentre 40 Color 1.2.81
- Xerox WorkCentre M165 6.47.30.000
- Xerox WorkCentre M165 6.47.33.008
- Xerox WorkCentre M165 8.47.30.000
- Xerox WorkCentre M165 8.47.33.008
- Xerox WorkCentre M175 6.47.30.000
- Xerox WorkCentre M175 6.47.33.008
- Xerox WorkCentre M175 8.47.30.000
- Xerox WorkCentre M175 8.47.33.008
- Xerox WorkCentre M35 2.28.11.000
- Xerox WorkCentre M35 2.97.20.032
- Xerox WorkCentre M35 4.84.16.000
- Xerox WorkCentre M35 4.97.20.025
- Xerox WorkCentre M35 4.97.20.032
- Xerox WorkCentre M45 2.28.11.000
- Xerox WorkCentre M45 2.97.20.032
- Xerox WorkCentre M45 4.84.16.000
- Xerox WorkCentre M45 4.97.20.025
- Xerox WorkCentre M45 4.97.20.032
- Xerox WorkCentre M55 2.28.11.000
- Xerox WorkCentre M55 2.97.20.032
- Xerox WorkCentre M55 4.84.16.000
- Xerox WorkCentre M55 4.97.20.025
- Xerox WorkCentre M55 4.97.20.032
- Xerox WorkCentre Pro 165 7.47.30.000
- Xerox WorkCentre Pro 165 7.47.33.008
- Xerox WorkCentre Pro 175 7.47.30.000
- Xerox WorkCentre Pro 175 7.47.33.008
- Xerox WorkCentre Pro 35 3.028.11.000
- Xerox WorkCentre Pro 35 3.97.20.032
- Xerox WorkCentre Pro 45 3.028.11.000
- Xerox WorkCentre Pro 45 3.97.20.032
- Xerox WorkCentre Pro 55 3.028.11.000
- Xerox WorkCentre Pro 55 3.97.20.032
- Xerox WorkCentre Pro 65 1.001.00.060
- Xerox WorkCentre Pro 65 1.001.02.084
- Xerox WorkCentre Pro 75 1.001.00.060
- Xerox WorkCentre Pro 75 1.001.02.084
- Xerox WorkCentre Pro 90 1.001.00.060
- Xerox WorkCentre Pro 90 1.001.02.084
- Xerox WorkCentre Pro Color 2128 0.001.04.044
- Xerox WorkCentre Pro Color 2636 0.001.04.044
- Xerox WorkCentre Pro Color 3545 0.001.04.044
Reported:
Apr 15, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net