CVE-2017-13771 – Lexmark Scan To Network (SNF) 3.2.9 Information Disclosure

https://notcve.org/view.php?id=CVE-2017-13771

Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. Lexmark Scan To Network (SNF) 3.2.9 y anteriores almacena las credenciales de configuración de red como texto plano y las transmite en peticiones, lo que permite que atacantes remotos obtengan información sensible mediante peticiones a (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet o (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. Lexmark Scan to Network (SNF) printer application versions 3.2.9 and below suffer from a credential disclosure vulnerability. • http://packetstormsecurity.com/files/143975/Lexmark-Scan-To-Network-SNF-3.2.9-Information-Disclosure.html http://seclists.org/fulldisclosure/2017/Aug/46 https://support.lexmark.com/alerts • CWE-522: Insufficiently Protected Credentials •