CVE-2013-4614

English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html
http://www.mattandreko.com/2013/06/canon-y-u-no-security.html
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/canon_wireless.rb

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:canon:mg3100_printer:-:::::::*
	cpe:2.3:h:canon:mg5300_printer:-:::::::*
	cpe:2.3:h:canon:mg6100_printer:-:::::::*
	cpe:2.3:h:canon:mp340_printer:-:::::::*
	cpe:2.3:h:canon:mp495_printer:-:::::::*
	cpe:2.3:h:canon:mx870_printer:-:::::::*
	cpe:2.3:h:canon:mx890_printer:-:::::::*
	cpe:2.3:h:canon:mx920_printer:-:::::::*
	cpe:2.3:h:canon:mx922_printer:-:::::::*

History

No history.

Information

Published : 2013-06-21 21:55

Updated : 2024-02-04 18:16

NVD link : CVE-2013-4614

Mitre link : CVE-2013-4614

CVE.ORG link : CVE-2013-4614

JSON object : View

Products Affected

canon

mx920_printer
mp495_printer
mg6100_printer
mx870_printer
mx890_printer
mg5300_printer
mg3100_printer
mx922_printer
mp340_printer

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2013-4614", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-06-21T21:55:01.033", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html", "source": "cve@mitre.org"}, {"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html", "source": "cve@mitre.org"}, {"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/canon_wireless.rb", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation."}, {"lang": "es", "value": "English/pages_MacUS/wls_set_content.html en impresoras Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, y MX922 muestra la contrase\u00f1a de paso (passphrase) en texto plano, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n sensible mediante la lectura de la pantalla de una estaci\u00f3n de trabajo."}], "lastModified": "2013-06-24T22:30:41.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:canon:mg3100_printer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA808CB1-E232-45A7-8913-03DDD4D967AA"}, {"criteria": "cpe:2.3:h:canon:mg5300_printer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A7BF24E-0FE5-41E6-B4AF-5CEC5ED0AB3E"}, {"criteria": "cpe:2.3:h:canon:mg6100_printer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C007C65-9187-4593-B236-025831220B8C"}, {"criteria": "cpe:2.3:h:canon:mp340_printer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F038B929-787C-4350-B1A4-F2E0F12969FE"}, {"criteria": "cpe:2.3:h:canon:mp495_printer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A7687B9-537C-47CB-AA7B-DE57725B6E89"}, {"criteria": "cpe:2.3:h:canon:mx870_printer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "555BD45B-2B53-42BE-B76B-03205EADD821"}, {"criteria": "cpe:2.3:h:canon:mx890_printer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD762566-16C3-4391-B3C4-A0247AA082AF"}, {"criteria": "cpe:2.3:h:canon:mx920_printer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C74EB1F2-29DA-4835-B2D0-AB96CB1B4FB2"}, {"criteria": "cpe:2.3:h:canon:mx922_printer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08F6F82C-6EF6-40E6-A6C5-D2B4952B02FC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}