Security Bypass in Xerox WorkCentre and WorkCentre Pro Devices
CVE-2006-6430

Currently unrated

Key Information:

Vendor: Xerox
Status: Workcentre 255; Workcentre 245; Workcentre 238; Workcentre 232
Vendor: CVE Published:; 10 December 2006

What is CVE-2006-6430?

Xerox WorkCentre and WorkCentre Pro devices prior to specific software versions lack HTTP Secure (HTTPS) enforcement in their web services. This design flaw permits remote attackers to intercept and analyze unencrypted HTTP traffic, potentially exposing sensitive information transmitted between the device and users. The absence of secure communication channels on these models poses significant risks to data confidentiality and integrity, making it crucial for users to apply the necessary updates to close this security loophole.

References

http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/30679

vdb-entryx_refsource_XF

http://secunia.com/advisories/23265

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2006
Vulnerability Reserved
Dec 9, 2006