7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.144 Low
EPSS
Percentile
95.8%
Samsung printers contain a hardcoded SNMP community string that could allow a remote attacker to take control of an affected device.
Samsung printers (as well as some Dell printers manufactured by Samsung) contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility.
A remote, unauthenticated attacker could access an affected device with administrative read/write privileges. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and possibility the ability to leverage further attacks through arbitrary code execution.
Samsung and Dell have stated that models released after October 31, 2012 are not affected by this vulnerability. Samsung has also indicated that they will be releasing a patch tool later this year to address vulnerable devices.
Dell also indicated that they have released updated firmware for all affected models currently being sold to address this vulnerability. A copy of this updated firmware is available for download at: <http://del.ly/PrinterSNMPFix>
Block Port 1118/udp
The reporter has stated that blocking the custom SNMP trap port of 1118/udp will help mitigate the risks.
Restrict Access
As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location. (e.g. Using IP filtering and Mac address filtering)
Disable SNMP protocol
Samsung is advising end users to disable SNMPv1, 2 or use the secure SNMPv3 mode until the firmware updates are released.
*Note that the vulnerability reporter has stated that the community string that remains active even when SNMP is disabled in the printer management utility.
281284
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: August 23, 2012 Updated: December 07, 2012
Affected
Dell stated that models released after October 31, 2012 are not affected by this vulnerability. Dell also indicated that they have released updated firmware for all affected models currently being sold to address this vulnerability. A copy of this updated firmware is available for download at: <http://del.ly/PrinterSNMPFix>
We are not aware of further vendor information regarding this vulnerability.
Notified: August 23, 2012 Updated: November 29, 2012
Affected
Samsung is aware of and has resolved the security issue affecting Samsung network printers and multifunction devices. The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP.
We take all matters of security very seriously and we are not aware of any customers who have been affected by this vulnerability. Samsung is committed to releasing updated firmware for all current models by November 30, with all other models receiving an update by the end of the year. We encourage end users to disable SNMPv1, 2 or use the secure SNMPv3 mode until the firmware updates are made.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 9 | AV:N/AC:M/Au:N/C:C/I:C/A:P |
Temporal | 6.5 | E:U/RL:W/RC:UC |
Environmental | 1.9 | CDP:LM/TD:L/CR:ND/IR:ND/AR:ND |
<http://del.ly/PrinterSNMPFix>
Thanks to Neil Smith for reporting this vulnerability
This document was written by Katie Steiner
CVE IDs: | CVE-2012-4964 |
---|---|
Date Public: | 2012-11-26 Date First Published: |