CVE-2017-13771
Lexmark Scan To Network (SNF) 3.2.9 Information Disclosure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.
Lexmark Scan To Network (SNF) 3.2.9 y anteriores almacena las credenciales de configuraciĆ³n de red como texto plano y las transmite en peticiones, lo que permite que atacantes remotos obtengan informaciĆ³n sensible mediante peticiones a (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet o (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.
Lexmark Scan to Network (SNF) printer application versions 3.2.9 and below suffer from a credential disclosure vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-30 CVE Reserved
- 2017-09-01 CVE Published
- 2023-05-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://support.lexmark.com/alerts | X_refsource_misc |
URL | Date | SRC |
---|---|---|
http://packetstormsecurity.com/files/143975/Lexmark-Scan-To-Network-SNF-3.2.9-Information-Disclosure.html | 2024-08-05 | |
http://seclists.org/fulldisclosure/2017/Aug/46 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Lexmark Search vendor "Lexmark" | Scan To Network Search vendor "Lexmark" for product "Scan To Network" | <= 3.2.9 Search vendor "Lexmark" for product "Scan To Network" and version " <= 3.2.9" | - |
Affected
|