ID

VAR-201808-0291


CVE

CVE-2018-15748


TITLE

Vulnerabilities related to certificate and password management in multiple Dell 2335dn printer firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-010011

DESCRIPTION

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an "End Of Support Life" product. The Dell 2335dn printer firmware, engine firmware, and network firmware contain a vulnerability related to certificate and password management. Dell 2335dn is a multifunction laser printer product from Dell. An attacker could exploit this vulnerability to retrieve the configured SMTP or LDAP password and possibly authenticate with an empty default administrator account password.

Trust: 1.71

sources: NVD: CVE-2018-15748 // JVNDB: JVNDB-2018-010011 // VULHUB: VHN-126038

AFFECTED PRODUCTS

vendor: dell, model: 2335dn printer, scope: eq, version: 2.70.05.02

Trust: 2.4

vendor: dell, model: 2335dn engine, scope: eq, version: 1.10.65

Trust: 1.6

vendor: dell, model: 2335dn network, scope: eq, version: v4.02.15\(2335dn_mfp\)_11-22-2010

Trust: 1.6

vendor: dell, model: 2335dn engin, scope: eq, version: 1.10.65

Trust: 0.8

vendor: dell, model: 2335dn network, scope: eq, version: 4.02.15(2335dn mfp) 11-22-2010

Trust: 0.8

sources: JVNDB: JVNDB-2018-010011 // CNNVD: CNNVD-201808-773 // NVD: CVE-2018-15748

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15748
value: HIGH

Trust: 1.0

NVD: CVE-2018-15748
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201808-773
value: HIGH

Trust: 0.6

VULHUB: VHN-126038
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15748
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-126038
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15748
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-126038 // JVNDB: JVNDB-2018-010011 // CNNVD: CNNVD-201808-773 // NVD: CVE-2018-15748

PROBLEMTYPE DATA

problemtype: CWE-521

Trust: 1.1

problemtype: CWE-255

Trust: 0.9

sources: VULHUB: VHN-126038 // JVNDB: JVNDB-2018-010011 // NVD: CVE-2018-15748

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-773

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201808-773

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010011

PATCH

title: Support for Dell 2335dn Multifunctional Laser Printer
url: https://www.dell.com/support/home/yu/en/yudhs1/product-support/product/dell-2335dn/drivers

Trust: 0.8

sources: JVNDB: JVNDB-2018-010011

EXTERNAL IDS

db: NVD, id: CVE-2018-15748

Trust: 2.5

db: JVNDB, id: JVNDB-2018-010011

Trust: 0.8

db: CNNVD, id: CNNVD-201808-773

Trust: 0.7

db: VULHUB, id: VHN-126038

Trust: 0.1

sources: VULHUB: VHN-126038 // JVNDB: JVNDB-2018-010011 // CNNVD: CNNVD-201808-773 // NVD: CVE-2018-15748

REFERENCES

url: https://www.gerrenmurphy.com/dell-2335dn-password-disclosure/

Trust: 2.5

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15748

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-15748

Trust: 0.8

sources: VULHUB: VHN-126038 // JVNDB: JVNDB-2018-010011 // CNNVD: CNNVD-201808-773 // NVD: CVE-2018-15748

SOURCES

db: VULHUB, id: VHN-126038
db: JVNDB, id: JVNDB-2018-010011
db: CNNVD, id: CNNVD-201808-773
db: NVD, id: CVE-2018-15748

LAST UPDATE DATE

2024-11-23T22:34:08.808000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-126038, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-010011, date: 2018-12-04T00:00:00
db: CNNVD, id: CNNVD-201808-773, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-15748, date: 2024-11-21T03:51:23.403

SOURCES RELEASE DATE

db: VULHUB, id: VHN-126038, date: 2018-08-23T00:00:00
db: JVNDB, id: JVNDB-2018-010011, date: 2018-12-04T00:00:00
db: CNNVD, id: CNNVD-201808-773, date: 2018-08-24T00:00:00
db: NVD, id: CVE-2018-15748, date: 2018-08-23T15:29:00.537