CVE-2017-13771

Published: Sep 7, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.

Affected (1)

Products: Lexmark: Scan To Network

1 product

Scan To Network

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lexmark Scan To Network	Up to 3.2.9

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (6)

http://packetstormsecurity.com/files/143975/Lexmark-Scan-To-Network-SNF-3.2.9-Information-Disclosure.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2017/Aug/46

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://support.lexmark.com/alerts

Source: cve@mitre.org

http://packetstormsecurity.com/files/143975/Lexmark-Scan-To-Network-SNF-3.2.9-Information-Disclosure.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2017/Aug/46

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://support.lexmark.com/alerts

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.