HTTP: Lexmark Scan To Network Information Disclosure
This signature detects attempts to exploit a known vulnerability against Lexmark SNF. A successful attack can lead to sensitive information disclosure.
Extended Description
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.
Affected Products
Lexmark scan_to_network
References
CVE: CVE-2017-13771
Short Name
HTTP:INFO:LEXMARK-SNF-ID
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2017-13771 Disclosure Information Lexmark Network Scan To
Release Date
04/01/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3337
False Positive
Unknown
Vendors
Lexmark
CVSS Score
5.0