Vulnerabilities > CVE-2001-0484 - Unspecified vulnerability in TEK Phaserlink 850

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
tek
nessus
exploit available

Summary

Tektronix PhaserLink 850 does not require authentication for access to configuration pages such as _ncl_subjects.shtml and _ncl_items.shtml, which allows remote attackers to modify configuration information and cause a denial of service by accessing the pages.

Vulnerable Configurations

Part Description Count
Application
Tek
1

Exploit-Db

description: Tektronix Phaser 740/750/850/930 Network Printer Administration Interface Vulnerability. CVE-2001-0484. Remote exploit for hardware platform
id: EDB-ID:20806
last seen: 2016-02-02
modified: 2001-04-25
published: 2001-04-25
reporter: Ltlw0lf
source: https://www.exploit-db.com/download/20806/
title: Tektronix Phaser 740/750/850/930 Network Printer Administration Interface Vulnerability

Nessus

NASL family: CGI abuses
NASL id: NCL_ITEMS_2.NASL
description: The file /_ncl_items.shtml or /_ncl_subjects.shtml exists on the remote web server. If the remote host is a Tektronix printer, then this page allows anyone to reconfigure it without any authentication means whatsoever. An attacker may use this flaw to conduct a denial of service attack against your business by preventing legitimate users from printing their work, or against your network, by changing the IP address of the printer so that it conflicts with the IP address of your file server.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10665
published: 2001-05-10
reporter: This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/10665
title: Tektronix PhaserLink Multiple Admin Page Unauthenticated Configuration Manipulation
code
#
# (C) Tenable Network Security, Inc.
#

# Reference:
# http://members.cox.net/ltlw0lf/printers.html
#

include("compat.inc");

# Registration branch: when `description` is set, the plugin only declares
# its metadata (IDs, texts, scoring, scheduling requirements) and then
# exits at the bottom of this block without sending any probe.
if (description)
{
  script_id(10665);
  script_version("1.27");
  script_cvs_date("Date: 2018/06/13 18:56:28");

  # Identifiers used to cross-reference this finding with other feeds.
  script_cve_id("CVE-2001-0484");
  script_bugtraq_id(2659);

  script_name(english:"Tektronix PhaserLink Multiple Admin Page Unauthenticated Configuration Manipulation");
  script_summary(english:"Checks for the presence of _ncl_*.shtml");

  script_set_attribute(attribute:"synopsis", value:"The remote service is prone to unauthorized access.");
  # The report text is conditional ("If the remote host is a Tektronix
  # printer"): the plugin reports that the page exists, not that the device
  # was identified, so the reader has to confirm the device type.
  script_set_attribute(attribute:"description", value:
"The file /_ncl_items.shtml or /_ncl_subjects.shtml exists on the
remote web server. If the remote host is a Tektronix printer, then
this page allows anyone to reconfigure it without any authentication
means whatsoever.

An attacker may use this flaw to conduct a denial of service attack
against your business by preventing legitimate users from printing
their work, or against your network, by changing the IP address of the
printer so that it conflicts with the IP address of your file server.");
  # https://web.archive.org/web/20020222032650/http://archives.neohapsis.com/archives/bugtraq/2001-04/0482.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c775ca26");
  # The recommended mitigation is network filtering plus a vendor patch.
  # NOTE(review): the advice names port 80 only, while the plugin also
  # accepts any port registered under "Services/www" (see
  # script_require_ports below); if the admin interface listens on another
  # port, the filter presumably has to cover that port too. Confirm per device.
  script_set_attribute(attribute:"solution", value:
"Filter incoming traffic to port 80 to this device, contact Tektronix
for a patch.");
  # CVSS v2 base vector: network reachable, low complexity, no
  # authentication, no confidentiality impact, partial integrity and
  # availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
  # CVSS v2 temporal vector: exploitability unproven (E:U), no remediation
  # available (RL:U), report confidence not defined (RC:ND).
  # NOTE(review): E:U and the two exploit attributes below say no exploit
  # exists, but the advisory page that carries this plugin lists an
  # Exploit-DB entry (EDB-ID:20806) for the same CVE. These values may
  # understate exploitability; confirm before using them to prioritise.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"1999/11/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2001/05/10");

  # Flagged as a potential (unconfirmed) vulnerability, which matches the
  # presence-only check and the ParanoidReport requirement below.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # Declared in the information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses");

  # Plugins declared as prerequisites. Presumably they establish the HTTP
  # version and the server's not-found behaviour; confirm in those scripts.
  script_dependencie("http_version.nasl", "no404.nasl");
  # Only scheduled when the paranoid-report setting is present, and only
  # against a known web service or port 80.
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/www", 80);

  # Metadata only: leave before the detection logic further down.
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Presence-only detection of the unauthenticated PhaserLink configuration
# pages. The check never confirms that the host is a Tektronix printer, so
# it runs only when report_paranoia is at least 2; lower settings leave
# through audit(AUDIT_PARANOID).
if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80);

# Configuration pages named in the advisory, probed in this order.
ncl_pages = make_list("/_ncl_items.shtml?SUBJECT=1", "/_ncl_subjects.shtml");

foreach ncl_page (ncl_pages)
{
  # Page not reported as present on this server: try the next one.
  if (!is_cgi_installed3(port: port, item: ncl_page)) continue;

  # Control request for a randomly named .shtml page that should not exist.
  # If the server reports that as present too, it answers positively to
  # arbitrary paths and the hit above is not evidence of the admin page.
  # (Presumably is_cgi_installed3 reflects the HTTP status; confirm in http.inc.)
  decoy_page = "/nessus" + rand() + ".shtml?SUBJECT=1";
  if (is_cgi_installed3(port: port, item: decoy_page)) continue;

  # A real page was found and the control failed: report once and stop.
  security_warning(port);
  exit(0);
}