Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:INFO:LEXMARK-SNF-ID |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Lexmark Scan To Network Information Disclosure |
Release Date |
2019/04/01 |
Update Number |
3158 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Lexmark Scan To Network Information Disclosure
This signature detects attempts to exploit a known vulnerability against Lexmark SNF. A successful attack can lead to sensitive information disclosure.
Extended Description
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.
Affected Products
- Lexmark scan_to_network 3.2.9
References
- CVE: CVE-2017-13771