PT-2010-2305 · Xerox · Xerox Workcentre

Published

2010-02-04

Updated

2010-02-05

CVE-2010-0548

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Xerox WorkCentre versions 5632, 5638, 5645, 5655, 5665, 5675, and 5687

Description The issue allows remote attackers to access mailboxes and read device configuration information by bypassing authorization mechanisms. This can be achieved through unknown vectors that evade Scan to Mailbox authorization and web server authorization.

Recommendations For Xerox WorkCentre versions 5632, 5638, 5645, 5655, 5665, 5675, and 5687, consider restricting access to the mailboxes and device configuration information until a fix is available. As a temporary workaround, restrict access to the web server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2010-0548

Affected Products

Xerox Workcentre

PT-2010-2305 · Xerox · Xerox Workcentre

CVE-2010-0548

Weakness Enumeration

Related Identifiers

Affected Products

References · 4