Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Lexmark X656de Printer Information Leakage

🗓️ 08 Nov 2011 00:00:00Reported by Deral HeilandType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 30 Views

Lexmark X656de Printer Information Leakage vulnerability, allows extraction of passwords for gaining access to critical systems

Code
`============================================================================  
Foofus.net Security Advisory: foofus-20111107  
============================================================================  
Title: Lexmark Multifunction Printer Information exposure  
Version: X656de  
Vendor: Lexmark   
Release Date: 08/05/2011  
============================================================================  
  
1. Summary:  
  
Lexmark multifunction printer device found to be vulnerable to an information leakage  
vulnerability.   
  
============================================================================  
  
2. Description:  
  
Passwords can be extracted in plan text from the settings export file.  
http://hostname-IP_Address/cgi-bin/exportfile/printer/config/secure/settingfile.ucf  
  
============================================================================  
  
3. Impact:  
  
Exploiting this allows an adversary to extract passwords that can be used to gain  
access to other critical systems.  
  
============================================================================  
  
4. Affected Products:  
Lexmark X656de multifunction printer (Kernel=FPR.APS.F184-0, Base=LR.MN.P224a-0)  
Other Lexmark and Dell branded Multifunction printers may also be vulnerable  
  
  
============================================================================  
  
5. Solution:  
  
Insure that a complex password is set on printer.  
  
============================================================================  
  
6) Time Table:  
  
08/05/2011 Vulnerability Disclosed.  
11/07/2011 Publishes Advisory  
  
============================================================================  
  
7) Credits: Discovered by Deral Heiland PercX   
  
============================================================================  
  
8. Reference:  
http://www.foofus.net/?page_id=483  
http://www.foofus.net  
http://praeda.foofus.net  
  
  
============================================================================  
  
The Foofus.Net team is an assortment of security professionals located   
through out the United States. http://www.foofus.net  
Follow percX on Twitter @Percent_X  
  
============================================================================   
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Nov 2011 00:00Current
7.4High risk
Vulners AI Score7.4
lexmark x656deinformation leakagepassword extractioncritical systems
30