Lucene search

MitreCVE-2018-15748

HistoryAug 23, 2018 - 3:29 p.m.

CVE-2018-15748

2018-08-2315:29:00

CWE-521

mitre

web.nvd.nist.gov

cve-2018-15748

dell

2335dn

printer

firmware

smtp

ldap

authentication

vulnerability

end of support

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

44.6%

JSON

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an “End Of Support Life” product.

Affected configurations

Nvd

Node

dell2335dn_engine_firmwareMatch1.10.65

dell2335dn_network_firmwareMatchv4.02.15\(2335dn_mfp\)_11-22-2010

dell2335dn_printer_firmwareMatch2.70.05.02

AND

dell2335dnMatch-

VendorProductVersionCPE
dell2335dn_engine_firmware1.10.65cpe:2.3:o:dell:2335dn_engine_firmware:1.10.65:*:*:*:*:*:*:*
dell2335dn_network_firmwarev4.02.15(2335dn_mfp)_11-22-2010cpe:2.3:o:dell:2335dn_network_firmware:v4.02.15\(2335dn_mfp\)_11-22-2010:*:*:*:*:*:*:*
dell2335dn_printer_firmware2.70.05.02cpe:2.3:o:dell:2335dn_printer_firmware:2.70.05.02:*:*:*:*:*:*:*
dell2335dn-cpe:2.3:h:dell:2335dn:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	2335dn_engine_firmware	1.10.65	cpe:2.3:o:dell:2335dn_engine_firmware:1.10.65:::::::*
dell	2335dn_network_firmware	v4.02.15(2335dn_mfp)_11-22-2010	cpe:2.3:o:dell:2335dn_network_firmware:v4.02.15\(2335dn_mfp\)_11-22-2010:::::::*
dell	2335dn_printer_firmware	2.70.05.02	cpe:2.3:o:dell:2335dn_printer_firmware:2.70.05.02:::::::*
dell	2335dn	-	cpe:2.3:h:dell:2335dn:-:::::::*

References

www.gerrenmurphy.com/dell-2335dn-password-disclosure/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

44.6%

JSON

Related for CVE-2018-15748