Unknown
CVE-2016-11061
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2016-11061
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- workcentre 3655 firmware,
- workcentre 3655i firmware,
- workcentre 5865 firmware,
- workcentre 5865i firmware,
- workcentre 5875 firmware,
- workcentre 5875i firmware,
- workcentre 5890 firmware,
- workcentre 5890i firmware,
- workcentre 5945 firmware,
- workcentre 5945i firmware,
- workcentre 5955 firmware,
- workcentre 5955i firmware,
- workcentre 6655 firmware,
- workcentre 6655i firmware,
- workcentre 7200 firmware,
- workcentre 7200i firmware,
- workcentre 7220 firmware,
- workcentre 7225 firmware,
- workcentre 7225i firmware,
- workcentre 7830 firmware,
- workcentre 7835 firmware,
- workcentre 7845 firmware,
- workcentre 7855 firmware,
- workcentre 7970 firmware,
- workcentre 7970i firmware
Weaknesses
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
