Details of VAR-201211-0277

ID

VAR-201211-0277

CVE

CVE-2012-4964

TITLE

Samsung Printer firmware contains a hardcoded SNMP community string

Trust: 0.8

sources: CERT/CC: VU#281284

DESCRIPTION

The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request. This community string is the printer management function. SNMP Even if is set to disabled, it is still enabled.SNMP By accessing with, the setting information of the product may be obtained or changed. Samsung printers is a printer developed by Samsung. A remote unauthenticated attacker can access the device with administrator privileges, change device configuration, access sensitive information (device and network information, authentication credentials, information passed to the printer), and more. Note: The issue affects devices only when SNMP is enabled. Attackers can exploit this issue to gain unauthorized access to the affected device. This may aid in further attacks. Solution Samsung has stated that models released after October 31, 2012 are not affected by this vulnerability. Samsung has also indicated that they will be releasing a patch tool later this year to address vulnerable devices. Restrict Access As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Samsung / Dell Printers Hard-Coded SNMP Community String Security Issue SECUNIA ADVISORY ID: SA51435 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51435/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51435 RELEASE DATE: 2012-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/51435/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51435/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51435 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in some Samsung and Dell printers, which can be exploited by malicious people to compromise a vulnerable device. The security issue is reported in the following devices: * Dell 2145cn Multifunction Printer * Dell 2335dn Multifunction Printer * Samsung ML-2580 Series Monochrome Laser Printer * Samsung ML-4050 Series Monochrome Laser Printer SOLUTION: Reportedly, patches will be issued. No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Neil Smith. ORIGINAL ADVISORY: US-CERT VU#281284: http://www.kb.cert.org/vuls/id/281284 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.42

sources: NVD: CVE-2012-4964 // CERT/CC: VU#281284 // JVNDB: JVNDB-2012-005540 // CNVD: CNVD-2012-7108 // BID: 56692 // VULHUB: VHN-58245 // PACKETSTORM: 118413 // PACKETSTORM: 118444

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-7108

AFFECTED PRODUCTS

vendor:	samsung	model:	printer	scope:	lte	version:	20121030	Trust: 1.0
vendor:	dell computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	multiple printer	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	printers	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	printer	scope:	eq	version:	20121030	Trust: 0.6

sources: CERT/CC: VU#281284 // CNVD: CNVD-2012-7108 // JVNDB: JVNDB-2012-005540 // CNNVD: CNNVD-201211-527 // NVD: CVE-2012-4964

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2012-4964
value:	HIGH
Trust: 1.6
nvd@nist.gov:	CVE-2012-4964
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201211-527
value:	HIGH
Trust: 0.6
VULHUB:	VHN-58245
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-4964
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
NVD:	CVE-2012-4964
severity:	HIGH
baseScore:	9.0
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-58245
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#281284 // VULHUB: VHN-58245 // JVNDB: JVNDB-2012-005540 // CNNVD: CNNVD-201211-527 // NVD: CVE-2012-4964

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-58245 // JVNDB: JVNDB-2012-005540 // NVD: CVE-2012-4964

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201211-527

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201211-527

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005540

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-58245

PATCH

title:	Samsung Information for VU#281284 (Affected)	url:	http://www.kb.cert.org/vuls/id/KWAK-928S3T	Trust: 0.8
title:	Samsung print firmware backdoor is not authorized to access the patch	url:	https://www.cnvd.org.cn/patchInfo/show/25693	Trust: 0.6

sources: CNVD: CNVD-2012-7108 // JVNDB: JVNDB-2012-005540

EXTERNAL IDS

db:	CERT/CC	id:	VU#281284	Trust: 4.0
db:	NVD	id:	CVE-2012-4964	Trust: 3.5
db:	JVNDB	id:	JVNDB-2012-005540	Trust: 0.8
db:	CNNVD	id:	CNNVD-201211-527	Trust: 0.7
db:	CNVD	id:	CNVD-2012-7108	Trust: 0.6
db:	NSFOCUS	id:	21625	Trust: 0.6
db:	BID	id:	56692	Trust: 0.4
db:	PACKETSTORM	id:	118413	Trust: 0.2
db:	SECUNIA	id:	51435	Trust: 0.2
db:	VULHUB	id:	VHN-58245	Trust: 0.1
db:	PACKETSTORM	id:	118444	Trust: 0.1

sources: CERT/CC: VU#281284 // CNVD: CNVD-2012-7108 // VULHUB: VHN-58245 // BID: 56692 // JVNDB: JVNDB-2012-005540 // PACKETSTORM: 118413 // PACKETSTORM: 118444 // CNNVD: CNNVD-201211-527 // NVD: CVE-2012-4964

REFERENCES

url:	http://www.kb.cert.org/vuls/id/281284	Trust: 3.2
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://del.ly/printersnmpfix	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4964	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu281284/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4964	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/21625	Trust: 0.6
url:	http://dell.com	Trust: 0.3
url:	http://www.samsung.com/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4964	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=51435	Trust: 0.1
url:	http://secunia.com/advisories/51435/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/blog/325/	Trust: 0.1
url:	http://secunia.com/advisories/51435/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

CREDITS

Neil Smith

Trust: 0.4

sources: BID: 56692 // PACKETSTORM: 118413

SOURCES

db:	CERT/CC	id:	VU#281284
db:	CNVD	id:	CNVD-2012-7108
db:	VULHUB	id:	VHN-58245
db:	BID	id:	56692
db:	JVNDB	id:	JVNDB-2012-005540
db:	PACKETSTORM	id:	118413
db:	PACKETSTORM	id:	118444
db:	CNNVD	id:	CNNVD-201211-527
db:	NVD	id:	CVE-2012-4964

LAST UPDATE DATE

2025-04-11T23:14:44.656000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#281284	date:	2012-12-07T00:00:00
db:	CNVD	id:	CNVD-2012-7108	date:	2020-03-10T00:00:00
db:	VULHUB	id:	VHN-58245	date:	2012-11-28T00:00:00
db:	BID	id:	56692	date:	2012-12-03T19:50:00
db:	JVNDB	id:	JVNDB-2012-005540	date:	2012-11-29T00:00:00
db:	CNNVD	id:	CNNVD-201211-527	date:	2012-11-29T00:00:00
db:	NVD	id:	CVE-2012-4964	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#281284	date:	2012-11-26T00:00:00
db:	CNVD	id:	CNVD-2012-7108	date:	2012-11-29T00:00:00
db:	VULHUB	id:	VHN-58245	date:	2012-11-28T00:00:00
db:	BID	id:	56692	date:	2012-11-26T00:00:00
db:	JVNDB	id:	JVNDB-2012-005540	date:	2012-11-27T00:00:00
db:	PACKETSTORM	id:	118413	date:	2012-11-28T01:22:22
db:	PACKETSTORM	id:	118444	date:	2012-11-29T07:10:43
db:	CNNVD	id:	CNNVD-201211-527	date:	2012-11-28T00:00:00
db:	NVD	id:	CVE-2012-4964	date:	2012-11-28T01:55:00.837