CVE-2017-13771

{"id": "CVE-2017-13771", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-09-07T13:29:00.653", "references": [{"url": "http://packetstormsecurity.com/files/143975/Lexmark-Scan-To-Network-SNF-3.2.9-Information-Disclosure.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2017/Aug/46", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.lexmark.com/alerts", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/143975/Lexmark-Scan-To-Network-SNF-3.2.9-Information-Disclosure.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2017/Aug/46", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.lexmark.com/alerts", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet."}, {"lang": "es", "value": "Lexmark Scan To Network (SNF) 3.2.9 y anteriores almacena las credenciales de configuraci\u00f3n de red como texto plano y las transmite en peticiones, lo que permite que atacantes remotos obtengan informaci\u00f3n sensible mediante peticiones a (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet o (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet."}], "lastModified": "2024-11-21T03:11:38.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lexmark:scan_to_network:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBB089DD-B6DF-48C2-96C1-F3EC679384D3", "versionEndIncluding": "3.2.9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}