| VID |
29135 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
Printer |
| Detailed Description |
The FXPS printer, according to its firmware version, has an authentication bypass vulnerability. The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including Dell 3000cn through 5110cn, could allow a remote attacker to gain administrative control of the affected printer. A remote attacker could send a specially-crafted HTTP request to bypass authentication and modify system configuration or cause a denial of service on the print server.
* References:
https://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities
http://www.securityfocus.com/archive/1/444321/30/0/threaded
http://www.frsirt.com/english/advisories/2006/3401
* Platforms Affected:
Fuji Xerox, Dell 5110cn firmware versions less than A01
Fuji Xerox, Dell 3110cn firmware versions less than A01
Fuji Xerox, Dell 3010cn firmware versions less than A01
Fuji Xerox, Dell 5100cn firmware versions less than A05
Fuji Xerox, Dell 3100cn firmware versions less than A05
Fuji Xerox, Dell 3000cn firmware versions less than A05
Fuji Xerox, Other OEM products using the affected FXPS print engine |
| Recommendation |
Apply the appropriate patch for this vulnerability, available from the links below:
For Dell 5110cn: http://ftp.us.dell.com/printer/R130538.EXE
For Dell 3110cn: http://ftp.us.dell.com/printer/R130356.EXE
For Dell 3010cn: http://ftp.us.dell.com/printer/R132075.EXE
For Dell 5100cn: http://ftp.us.dell.com/printer/R132718.EXE
For Dell 3100cn: http://ftp.us.dell.com/printer/R132079.EXE
For Dell 3000cn: http://ftp.us.dell.com/printer/R132368.EXE |
| Related URL |
CVE-2006-2113 (CVE) |
| Related URL |
19716 (SecurityFocus) |
| Related URL |
28641 (ISS) |
|
