Can you explain this vulnerability to me?

This vulnerability allows an unauthenticated attacker to access a specific URI path (/etc/mnt_info.csv) on a vulnerable device via HTTP, HTTPS, or IPP services without needing any authentication. By sending a GET request to this path, the attacker can obtain sensitive information about the device, including its model, firmware version, IP address, and serial number, which are returned in a CSV format.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

The vulnerability can lead to information disclosure, where an attacker gains access to sensitive device details such as model, firmware version, IP address, and serial number without authorization. This information could be used to facilitate further attacks, reconnaissance, or exploitation of the device or network.

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by sending an unauthenticated GET request to the URI path /etc/mnt_info.csv on the device's HTTP (port 80), HTTPS (port 443), or IPP (port 631) services. For example, using curl commands: curl http://<device_ip>/etc/mnt_info.csv curl https://<device_ip>/etc/mnt_info.csv curl ipp://<device_ip>:631/etc/mnt_info.csv If the response contains a CSV table with device model, firmware version, IP address, or serial number, the device is vulnerable.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the HTTP, HTTPS, and IPP services to trusted users only, implementing network-level access controls or firewalls to block unauthorized access to TCP ports 80, 443, and 631, and applying any available firmware or software updates from the device vendor that address this information leak vulnerability.

Useful 0 Not Useful 0