Lexmark config.html remote remove admin password

2014.02.06
Credit: USCERT
Risk: High
Local: No
Remote: Yes
CWE: CWE-20


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter. Overview Certain Lexmark devices are vulnerable to unverified password changes and stored cross-site scripting attacks. Description CWE-620: Unverified Password Change - CVE-2013-6032 Certain models of Lexmark laser printers and MarkNet devices are vulnerable to an attack which allows a remote unauthenticated attacker to change the administrative password of the printer's web administration interface. The interface does not perform sufficient validation of the vac.255.GENPASSWORD parameter in POST requests to the /cgi-bin/postpf/cgi-bin/dynamic/config/config.html page, allowing an unauthenticated remote attacker to reset the administrative password to an empty string. CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2013-6033 Certain models of Lexmark laser printers are vulnerable to stored cross-site scripting attacks. The printers' administrative web interface does not perform sufficient validation of user input to the "Location" and "Contact Name" fields in the "General Settings" configuration page. A list of affected models and firmware versions can be found at Lexmark's advisory page. The CVSS score reflects CVE-2013-6032. Impact An attacker may be able to run arbitrary script in the context of a victim's browser. The attacker may also be able to gain full administrative control of the printer. Solution Apply an Update Lexmark advises users to update to the latest firmware version. A list of affected models and firmware versions, as well as accompanying fixes, can be found at Lexmark's advisory page.

References:

http://www.kb.cert.org/vuls/id/108062
http://support.lexmark.com/index?page=content&id=TE586


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top