CVE-2018-11692
CVE-2018-11692 is a vulnerability of currently unknown severity. An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. EPSS estimates a 4.57% chance of exploitation in the next 30 days.
Description
An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Canon | LBP3370 Firmware | All versions |
| Canon | LBP3460 Firmware | All versions |
| Canon | LBP7750C Firmware | All versions |
| Canon | LBP6650 Firmware | All versions |
References
- https://gist.github.com/huykha/2dfbe97810e96a05e67359fd9e7cc9ff (Broken Link, Third Party Advisory)
- https://www.exploit-db.com/exploits/44844/ (Broken Link, Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
