Detections
Analytics

Tektronix PhaserLink Printer Web Server Direct Request Administrator Access

medium Nessus Plugin ID 10146

Synopsis

The remote service is prone to unauthorized access.

Description

The file /ncl_items.html or /ncl_subjects.html exist on the remote system. It is very likely that this file will allow an attacker to reconfigure your Tektronix printer.

An attacker can use this to prevent the users of your network from working properly by preventing themfrom printing their files.

Solution

Filter incoming traffic to port 80 to this device, or disable the Phaserlink web server on the printer (can be done by requesting http://printername/ncl_items?SUBJECT=2097)

See Also

http://www.nessus.org/u?d7ca9505

Plugin Details

Severity: Medium

ID: 10146

File Name: ncl_items.nasl

Version: 1.32

Type: remote

Family: CGI abuses

Published: 11/22/1999

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Vulnerability Publication Date: 11/19/1999

Reference Information

CVE: CVE-1999-1508

BID: 806