Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/143975/Lexmark-Scan-To-Network-SNF-3.2.9-Information-Disclosure.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2017/Aug/46 | Exploit Mailing List Third Party Advisory |
https://support.lexmark.com/alerts |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-09-07T13:00:00
Updated: 2021-07-20T16:49:31
Reserved: 2017-08-30T00:00:00
Link: CVE-2017-13771
JSON object: View
NVD Information
Status : Modified
Published: 2017-09-07T13:29:00.653
Modified: 2021-07-20T17:15:07.667
Link: CVE-2017-13771
JSON object: View
Redhat Information
No data.
CWE