Sign-up

ID

VAR-199911-0073


CVE

CVE-1999-1508


TITLE

Tektronix PhaserLink Web Server vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199911-055

DESCRIPTION

Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a remote attacker to gain administrator access by directly calling undocumented URLs such as ncl_items.html and ncl_subjects.html. Certain versions of the Tektronix PhaserLink printer ship with a webserver designed to help facilitate configuration of the device. This service is essentially administrator level access as it can completely modify the system characteristics, restart the machine, asign services etc. Once the password is obtained by the user, they can manipulate the printer in any way they see fit. There is a bug in the web server on Tektronix PhaserLink Printer 840.0 and earlier

Trust: 1.26

sources: NVD: CVE-1999-1508 // BID: 806 // VULHUB: VHN-1489

AFFECTED PRODUCTS

vendor:tekmodel:phaser network printer 930scope:eqversion:*

Trust: 1.0

vendor:tekmodel:phaser network printer 750dpscope:eqversion:*

Trust: 1.0

vendor:tekmodel:phaser network printer 750scope:eqversion:*

Trust: 1.0

vendor:tekmodel:phaser network printer 740scope:eqversion:*

Trust: 1.0

vendor:tekmodel:phaser network printer 840scope:eqversion:*

Trust: 1.0

vendor:tekmodel:phaser network printer 740scope: - version: -

Trust: 0.6

vendor:tekmodel:phaser network printer 930scope: - version: -

Trust: 0.6

vendor:tekmodel:phaser network printer 750dpscope: - version: -

Trust: 0.6

vendor:tekmodel:phaser network printer 750scope: - version: -

Trust: 0.6

vendor:tekmodel:phaser network printer 840scope: - version: -

Trust: 0.6

vendor:tektronixmodel:phaser network printerscope:eqversion:930

Trust: 0.3

vendor:tektronixmodel:phaser network printerscope:eqversion:840

Trust: 0.3

vendor:tektronixmodel:phaser network printer 750dpscope: - version: -

Trust: 0.3

vendor:tektronixmodel:phaser network printerscope:eqversion:750

Trust: 0.3

vendor:tektronixmodel:phaser network printerscope:eqversion:740

Trust: 0.3

sources: BID: 806 // CNNVD: CNNVD-199911-055 // NVD: CVE-1999-1508

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1508
value: HIGH

Trust: 1.0

CNNVD: CNNVD-199911-055
value: CRITICAL

Trust: 0.6

VULHUB: VHN-1489
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-1999-1508
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1489
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1489 // CNNVD: CNNVD-199911-055 // NVD: CVE-1999-1508

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1508

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199911-055

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-199911-055

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-1489

EXTERNAL IDS
db:NVDid:CVE-1999-1508
Trust: 2.0
db:BIDid:806
Trust: 2.0
db:CNNVDid:CNNVD-199911-055
Trust: 0.7
db:BUGTRAQid:19991116 [FWD: PRINTER VULNERABILITY: TEKTRONIX PHASERLINK WEBSERVER GIVES ADMINISTRATOR PASSWORD]
Trust: 0.6
db:EXPLOIT-DBid:19632
Trust: 0.1
db:VULHUBid:VHN-1489
Trust: 0.1
sources:
            
            
            VULHUB: VHN-1489 // 
            
            
            
            BID: 806 // 
            
            
            
            CNNVD: CNNVD-199911-055 // 
            
            
            
            NVD: CVE-1999-1508

REFERENCES
url:http://www.securityfocus.com/bid/806
Trust: 1.7
url:http://marc.info/?l=bugtraq&m=94286041430870&w=2
Trust: 1.0
url:http://marc.theaimsgroup.com/?l=bugtraq&m=94286041430870&w=2
Trust: 0.6
url:http://www.tek.com/home/support.html
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=94286041430870&w=2
Trust: 0.1
sources:
            
            
            VULHUB: VHN-1489 // 
            
            
            
            BID: 806 // 
            
            
            
            CNNVD: CNNVD-199911-055 // 
            
            
            
            NVD: CVE-1999-1508

CREDITS
This bug was discovered and posted to the Bugtraq mailing list by Dennis W. Mattison <dwmatt@nosc.mil> on Tue, 16 Nov 1999.
Trust: 0.9
sources:
            
            
            BID: 806 // 
            
            
            
            CNNVD: CNNVD-199911-055

SOURCES
db:VULHUBid:VHN-1489
db:BIDid:806
db:CNNVDid:CNNVD-199911-055
db:NVDid:CVE-1999-1508

LAST UPDATE DATE
2024-08-14T14:23:19.156000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-1489date:2016-10-18T00:00:00
db:BIDid:806date:2009-07-11T00:56:00
db:CNNVDid:CNNVD-199911-055date:2005-10-20T00:00:00
db:NVDid:CVE-1999-1508date:2016-10-18T02:05:06.310

SOURCES RELEASE DATE
db:VULHUBid:VHN-1489date:1999-11-16T00:00:00
db:BIDid:806date:1999-11-17T00:00:00
db:CNNVDid:CNNVD-199911-055date:1999-11-16T00:00:00
db:NVDid:CVE-1999-1508date:1999-11-16T05:00:00