Vulnerabilities > CVE-2001-0484 - Unspecified vulnerability in TEK Phaserlink 850

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
tek
nessus
exploit available
NVD
Published: 2001-06-27
Updated: 2024-11-20

Summary

Tektronix PhaserLink 850 does not require authentication for access to configuration pages such as _ncl_subjects.shtml and _ncl_items.shtml, which allows remote attackers to modify configuration information and cause a denial of service by accessing the pages.

Vulnerable Configurations

Part Description Count
Application
Tek
1

Exploit-Db

descriptionTektronix Phaser 740/750/850/930 Network Printer Administration Interface Vulnerability. CVE-2001-0484. Remote exploit for hardware platform
idEDB-ID:20806
last seen2016-02-02
modified2001-04-25
published2001-04-25
reporterLtlw0lf
sourcehttps://www.exploit-db.com/download/20806/
titleTektronix Phaser 740/750/850/930 Network Printer Administration Interface Vulnerability

Nessus

NASL familyCGI abuses
NASL idNCL_ITEMS_2.NASL
descriptionThe file /_ncl_items.shtml or /_ncl_subjects.shtml exists on the remote web server. If the remote host is a Tektronix printer, then this page allows anyone to reconfigure it without any authentication means whatsoever. An attacker may use this flaw to conduct a denial of service attack against your business by preventing legitimate users from printing their work, or against your network, by changing the IP address of the printer so that it conflicts with the IP address of your file server.
last seen2020-06-01
modified2020-06-02
plugin id10665
published2001-05-10
reporterThis script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10665
titleTektronix PhaserLink Multiple Admin Page Unauthenticated Configuration Manipulation
code
#
# (C) Tenable Network Security, Inc.
#

# Reference:
# http://members.cox.net/ltlw0lf/printers.html
#

include("compat.inc");

if (description)
{
  script_id(10665);
  script_version("1.27");
  script_cvs_date("Date: 2018/06/13 18:56:28");

  script_cve_id("CVE-2001-0484");
  script_bugtraq_id(2659);

  script_name(english:"Tektronix PhaserLink Multiple Admin Page Unauthenticated Configuration Manipulation");
  script_summary(english:"Checks for the presence of _ncl_*.shtml");

  script_set_attribute(attribute:"synopsis", value:"The remote service is prone to unauthorized access.");
  script_set_attribute(attribute:"description", value:
"The file /_ncl_items.shtml or /_ncl_subjects.shtml exists on the
remote web server. If the remote host is a Tektronix printer, then
this page allows anyone to reconfigure it without any authentication
means whatsoever.

An attacker may use this flaw to conduct a denial of service attack
against your business by preventing legitimate users from printing
their work, or against your network, by changing the IP address of the
printer so that it conflicts with the IP address of your file server.");
  # https://web.archive.org/web/20020222032650/http://archives.neohapsis.com/archives/bugtraq/2001-04/0482.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c775ca26");
  script_set_attribute(attribute:"solution", value:
"Filter incoming traffic to port 80 to this device, contact Tektronix
for a patch.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"1999/11/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2001/05/10");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses");

  script_dependencie("http_version.nasl", "no404.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);


port = get_http_port(default:80);

i = "/_ncl_items.shtml?SUBJECT=1";
if (is_cgi_installed3(port: port, item: i))
{
  if ( ! is_cgi_installed3(port: port, item: "/nessus"+rand()+".shtml?SUBJECT=1") )
  {
    security_warning(port);
    exit(0);
  }
}

if (is_cgi_installed3(port: port, item: "/_ncl_subjects.shtml"))
{
	if ( ! is_cgi_installed3(port: port, item: "/nessus"+rand()+".shtml?SUBJECT=1") ) security_warning(port);
}

References