Unrated severityNVD Advisory· Published Dec 10, 2006· Updated Apr 23, 2026

CVE-2006-6427

Description

The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290.

Affected products

Xerox/Workcentre6 versions
cpe:2.3:h:xerox:workcentre:12.060.17.000:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:h:xerox:workcentre:12.060.17.000:*:*:*:*:*:*:*
- cpe:2.3:h:xerox:workcentre:12.060.17.000:*:pro:*:*:*:*:*
- cpe:2.3:h:xerox:workcentre:13.060.17.000:*:*:*:*:*:*:*
- cpe:2.3:h:xerox:workcentre:13.060.17.000:*:pro:*:*:*:*:*
- cpe:2.3:h:xerox:workcentre:14.060.17.000:*:*:*:*:*:*:*
- cpe:2.3:h:xerox:workcentre:14.060.17.000:*:pro:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdfnvdPatch
secunia.com/advisories/23265nvdVendor Advisory
securitytracker.com/idnvdVendor Advisory
www.vupen.com/english/advisories/2006/4791nvdVendor Advisory
www.securityfocus.com/bid/21365nvd
www.xerox.com/downloads/usa/en/c/cert_XRX06_007_v1.pdfnvd
exchange.xforce.ibmcloud.com/vulnerabilities/30674nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000