Details of VAR-201709-1053

ID

VAR-201709-1053

CVE

CVE-2017-13771

TITLE

Lexmark Scan To Network Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2017-007699

DESCRIPTION

Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. Lexmark Scan To Network (SNF) Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LexmarkScanToNetwork (SNF) is an embedded printer application from Lexmark. A security vulnerability exists in LexmarkSNF 3.2.9 and earlier that originated from the program storing the network configuration certificate in clear text and transmitting the certificate upon request. A remote attacker can use the vulnerability to obtain sensitive information by sending a request to cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet

Trust: 2.25

sources: NVD: CVE-2017-13771 // JVNDB: JVNDB-2017-007699 // CNVD: CNVD-2017-31127 // VULMON: CVE-2017-13771

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-31127

AFFECTED PRODUCTS

vendor:	lexmark	model:	scan to network	scope:	lte	version:	3.2.9	Trust: 1.8
vendor:	lexmark	model:	scan to network	scope:	lte	version:	<=3.2.9	Trust: 0.6
vendor:	lexmark	model:	scan to network	scope:	eq	version:	3.2.9	Trust: 0.6

sources: CNVD: CNVD-2017-31127 // JVNDB: JVNDB-2017-007699 // CNNVD: CNNVD-201709-054 // NVD: CVE-2017-13771

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-13771
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-13771
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-31127
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201709-054
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2017-13771
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-13771
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-31127
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-13771
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-31127 // VULMON: CVE-2017-13771 // JVNDB: JVNDB-2017-007699 // CNNVD: CNNVD-201709-054 // NVD: CVE-2017-13771

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	CWE-255	Trust: 0.8

sources: JVNDB: JVNDB-2017-007699 // NVD: CVE-2017-13771

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-054

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201709-054

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007699

PATCH

title:

Top Page

url:

http://www.lexmark.com/en_us.html

Trust: 0.8

sources: JVNDB: JVNDB-2017-007699

EXTERNAL IDS

db:	NVD	id:	CVE-2017-13771	Trust: 3.1
db:	PACKETSTORM	id:	143975	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-007699	Trust: 0.8
db:	EXPLOITALERT	id:	27457	Trust: 0.6
db:	CNVD	id:	CNVD-2017-31127	Trust: 0.6
db:	CNNVD	id:	CNNVD-201709-054	Trust: 0.6
db:	VULMON	id:	CVE-2017-13771	Trust: 0.1

sources: CNVD: CNVD-2017-31127 // VULMON: CVE-2017-13771 // JVNDB: JVNDB-2017-007699 // CNNVD: CNNVD-201709-054 // NVD: CVE-2017-13771

REFERENCES

url:	http://seclists.org/fulldisclosure/2017/aug/46	Trust: 2.5
url:	http://packetstormsecurity.com/files/143975/lexmark-scan-to-network-snf-3.2.9-information-disclosure.html	Trust: 1.8
url:	https://support.lexmark.com/alerts	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13771	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13771	Trust: 0.8
url:	http://www.exploitalert.com/view-details.html?id=27457	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-31127 // VULMON: CVE-2017-13771 // JVNDB: JVNDB-2017-007699 // CNNVD: CNNVD-201709-054 // NVD: CVE-2017-13771

SOURCES

db:	CNVD	id:	CNVD-2017-31127
db:	VULMON	id:	CVE-2017-13771
db:	JVNDB	id:	JVNDB-2017-007699
db:	CNNVD	id:	CNNVD-201709-054
db:	NVD	id:	CVE-2017-13771

LAST UPDATE DATE

2024-11-23T22:38:25.279000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-31127	date:	2017-10-23T00:00:00
db:	VULMON	id:	CVE-2017-13771	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-007699	date:	2017-09-29T00:00:00
db:	CNNVD	id:	CNNVD-201709-054	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-13771	date:	2024-11-21T03:11:38.130

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-31127	date:	2017-10-23T00:00:00
db:	VULMON	id:	CVE-2017-13771	date:	2017-09-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-007699	date:	2017-09-29T00:00:00
db:	CNNVD	id:	CNNVD-201709-054	date:	2017-08-30T00:00:00
db:	NVD	id:	CVE-2017-13771	date:	2017-09-07T13:29:00.653