Vulnerabilities > CVE-1999-1508 - Unspecified vulnerability in TEK products

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
tek
critical
nessus
exploit available
NVD
Published: 1999-11-16
Updated: 2016-10-18

Summary

Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a remote attacker to gain administrator access by directly calling undocumented URLs such as ncl_items.html and ncl_subjects.html.

Vulnerable Configurations

Part Description Count
Hardware
Tek
5

Exploit-Db

descriptionTektronix Phaser Network Printer 740/750/750DP/840/930 PhaserLink Webserver Vulnerability. CVE-1999-1508. Remote exploit for hardware platform
idEDB-ID:19632
last seen2016-02-02
modified1999-11-17
published1999-11-17
reporterDennis W. Mattison
sourcehttps://www.exploit-db.com/download/19632/
titleTektronix Phaser Network Printer 740/750/750DP/840/930 PhaserLink Webserver Vulnerability

Nessus

NASL familyCGI abuses
NASL idNCL_ITEMS.NASL
descriptionThe file /ncl_items.html or /ncl_subjects.html exist on the remote system. It is very likely that this file will allow an attacker to reconfigure your Tektronix printer. An attacker can use this to prevent the users of your network from working properly by preventing themfrom printing their files.
last seen2020-06-01
modified2020-06-02
plugin id10146
published1999-11-22
reporterThis script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10146
titleTektronix PhaserLink Printer Web Server Direct Request Administrator Access
code
#
# (C) Tenable Network Security, Inc.
#

# Reference:
# http://members.cox.net/ltlw0lf/printers.html
#

include("compat.inc");

if (description)
{
  script_id(10146);
  script_version("1.31");
  script_cvs_date("Date: 2018/06/13 18:56:28");

  script_cve_id("CVE-1999-1508");
  script_bugtraq_id(806);

  script_name(english:"Tektronix PhaserLink Printer Web Server Direct Request Administrator Access");
  script_summary(english:"Checks for the presence of /ncl_*.html");

  script_set_attribute(attribute:"synopsis", value:"The remote service is prone to unauthorized access.");
  script_set_attribute(attribute:"description", value:
"The file /ncl_items.html or /ncl_subjects.html exist on the remote
system. It is very likely that this file will allow an attacker to
reconfigure your Tektronix printer.

An attacker can use this to prevent the users of your network from
working properly by preventing themfrom printing their files.");
  # https://web.archive.org/web/20040319140242/http://archives.neohapsis.com/archives/bugtraq/2001-04/0482.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d7ca9505");
  script_set_attribute(attribute:"solution", value:
"Filter incoming traffic to port 80 to this device, or disable the
Phaserlink web server on the printer (can be done by requesting
http://printername/ncl_items?SUBJECT=2097)");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");

  script_set_attribute(attribute:"vuln_publication_date", value:"1999/11/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"1999/11/22");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses");

  script_dependencie("http_version.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80);

i = "/ncl_items.html?SUBJECT=1";
if (is_cgi_installed3(item: i, port: port))
{
  if (!is_cgi_installed3(item: "/nessus" + rand() + ".html", port: port) )
  {
    security_warning(port);
    exit(0);
  }
}

if (is_cgi_installed3(item: "/ncl_subjects.html", port: port) )
{
    if (!is_cgi_installed3(item: "/nessus" + rand() + ".html", port: port) ) security_warning(port);
}

References