CVE-2017-13771
CRITICAL
Lexmark Scan To Network < 3.2.9 - Plaintext Credential Exposure via SNF Dest Servlet
Title source: llm
Description
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.
References (3)
Core References
Various Sources x_refsource_misc
https://support.lexmark.com/alerts
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/143975/Lexmark-Scan-To-Network-SNF-3.2.9-Information-Disclosure.html
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Aug/46
Scores
CVSS v3
9.8
EPSS
0.0336
EPSS Percentile
87.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (1)
lexmark/scan_to_network
< 3.2.9
Published
Sep 07, 2017
Tracked Since
Feb 18, 2026