CVE-2006-4680 - OpenCVE

The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canon	Imagerunner 2620 Imagerunner 5020 Imagerunner 6870 Imagerunner 8500 Imagerunner 9070 Imagerunner C3220 Imagerunner C6800

Configuration 1 [-]

OR	cpe:2.3:a:canon:imagerunner_2620::::::::
	cpe:2.3:a:canon:imagerunner_5020::::::::
	cpe:2.3:a:canon:imagerunner_6870::::::::
	cpe:2.3:a:canon:imagerunner_8500::::::::
	cpe:2.3:a:canon:imagerunner_9070::::::::
	cpe:2.3:a:canon:imagerunner_c3220::::::::
	cpe:2.3:a:canon:imagerunner_c6800::::::::

No data.

References

Link	Providers
http://secunia.com/advisories/21788
http://securityreason.com/securityalert/1538
http://www.securityfocus.com/archive/1/445302/100/0/threaded
http://www.securityfocus.com/archive/1/445532/100/0/threaded
http://www.securityfocus.com/bid/19865
http://www.vupen.com/english/advisories/2006/3501
https://exchange.xforce.ibmcloud.com/vulnerabilities/28795

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-09-11T17:00:00

Updated: 2024-08-07T19:23:40.877Z

Reserved: 2006-09-11T00:00:00

Link: CVE-2006-4680

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-09-11T17:04:00.000

Modified: 2018-10-17T21:39:04.293

Link: CVE-2006-4680

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-05T00:00:00", "descriptions": [{"lang": "en", "value": "The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060907 Re: Canon ImageRunner reveals SMB, IPX, and FTP username/passwords", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/445532/100/0/threaded"}, {"name": "ADV-2006-3501", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3501"}, {"name": "20060905 Canon ImageRunner reveals SMB, IPX, and FTP username/passwords", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/445302/100/0/threaded"}, {"name": "canon-imagerunner-information-disclosure(28795)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28795"}, {"name": "19865", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19865"}, {"name": "21788", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21788"}, {"name": "1538", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1538"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4680", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060907 Re: Canon ImageRunner reveals SMB, IPX, and FTP username/passwords", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445532/100/0/threaded"}, {"name": "ADV-2006-3501", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3501"}, {"name": "20060905 Canon ImageRunner reveals SMB, IPX, and FTP username/passwords", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445302/100/0/threaded"}, {"name": "canon-imagerunner-information-disclosure(28795)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28795"}, {"name": "19865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19865"}, {"name": "21788", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21788"}, {"name": "1538", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1538"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:23:40.877Z"}, "title": "CVE Program Container", "references": [{"name": "20060907 Re: Canon ImageRunner reveals SMB, IPX, and FTP username/passwords", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/445532/100/0/threaded"}, {"name": "ADV-2006-3501", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3501"}, {"name": "20060905 Canon ImageRunner reveals SMB, IPX, and FTP username/passwords", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/445302/100/0/threaded"}, {"name": "canon-imagerunner-information-disclosure(28795)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28795"}, {"name": "19865", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19865"}, {"name": "21788", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21788"}, {"name": "1538", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1538"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4680", "datePublished": "2006-09-11T17:00:00", "dateReserved": "2006-09-11T00:00:00", "dateUpdated": "2024-08-07T19:23:40.877Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canon:imagerunner_2620:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E4C7D11-EE90-4E10-9BBB-9CDC55467A2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:canon:imagerunner_5020:*:*:*:*:*:*:*:*", "matchCriteriaId": "E411CEEF-8615-47B3-AC1F-F907ECD8C725", "vulnerable": true}, {"criteria": "cpe:2.3:a:canon:imagerunner_6870:*:*:*:*:*:*:*:*", "matchCriteriaId": "86B994ED-E476-43EE-BD7D-FA3158AA66F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:canon:imagerunner_8500:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC5C108F-F89B-457D-9EDA-A5096AA01363", "vulnerable": true}, {"criteria": "cpe:2.3:a:canon:imagerunner_9070:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C40ED96-C1D9-4C2F-B90A-BEF0B36BAF17", "vulnerable": true}, {"criteria": "cpe:2.3:a:canon:imagerunner_c3220:*:*:*:*:*:*:*:*", "matchCriteriaId": "66DACE20-FDA4-4633-9755-95F72257F6CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:canon:imagerunner_c6800:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1542430-BAEB-4A4E-B617-AFC303614E0C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information."}, {"lang": "es", "value": "El interfaz de usuario remoto de Canon imageRUNNER incluye nombres de usuario y contrase\u00f1as cuando se exportan una libreta de direcciones, lo que permite a un atacante dependiente del contexto obtener informaci\u00f3n sensible."}], "id": "CVE-2006-4680", "lastModified": "2018-10-17T21:39:04.293", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-09-11T17:04:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21788"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1538"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/445302/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/445532/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19865"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3501"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28795"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}