Vulnerability Description
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lexmark | Scan To Network | <= 3.2.9 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/143975/Lexmark-Scan-To-Network-SNF-3.2.9-InExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2017/Aug/46ExploitMailing ListThird Party Advisory
- https://support.lexmark.com/alerts
- http://packetstormsecurity.com/files/143975/Lexmark-Scan-To-Network-SNF-3.2.9-InExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2017/Aug/46ExploitMailing ListThird Party Advisory
- https://support.lexmark.com/alerts
FAQ
What is CVE-2017-13771?
CVE-2017-13771 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via ...
How severe is CVE-2017-13771?
CVE-2017-13771 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-13771?
Check the references section above for vendor advisories and patch information. Affected products include: Lexmark Scan To Network.