SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Printer)  >   InterCon Smart PrintServer Vendors:   SEH
SEH InterCon Smart Print Server Grants Administrative Access to Remote Users
SecurityTracker Alert ID:  1008808
SecurityTracker URL:  http://securitytracker.com/id/1008808
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 21 2004
Impact:   User access via network
Exploit Included:  Yes  

Description:   Rafel Ivgi (The-Insider) reported a vulnerability in the SEH InterCon Smart Print Server. A remote user can perform administrative functions without authenticating.

It is reported that a remote user can access the following URL to modify the server's configuration:

http://<external IP>/config/windows_en.html

[Editor's note: This information was originally reported in December 2003.]

Impact:   A remote user can gain administrative access on the print server.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.seh.de/ (Links to External Site)
Cause:   Authentication error

Message History:   None.


 Source Message Contents

Subject:  InterCon's Smart PrintServer Solutions Internal IP Address And Path


InterCon's Smart PrintServer Solutions Internal IP Address And Path
Disclosure Vulnerability (All Versions)

Discovered by Rafel Ivgi, The-Insider.
http://theinsider.deep-ice.com

It Doesn't seem right to me that I can naturally see the internal
IP of the machine on this server .Its configured that way because
The makers of this software thought that this way only someone
Who is part of the server, some one such as the administrator Will be
able to access those files, but if you just copy the location
>From of the links on the server, Example:
http://<internal IP>/config/windows_en.html
and replace the internal IP with the external IP that you have
(by scanning or other source) , Example:
http://<external IP>/config/windows_en.html
you will be able to change everything on the server.
I welcome you as the new Administrator of the Print Server.

"A vulnerability doesn't exsist, until you expose it."



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC