Improper authentication in PDQ Manufacturing, Inc. products - CVE-2017-9630
Published: July 31, 2017
Vulnerability identifier: #VU7600
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-9630
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PDQ Manufacturing, Inc.
Affected software:
ProTouch AutoGloss
ProTouch ICON
ProTouch Tandem
LaserJet
LaserWash AutoXpress Plus
LaserWash AutoXpress
LaserWash 360 Plus
LaserWash 360
LaserWash M5
LaserWash G5 S Series
LaserWash G5
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication on the target system.
The weakness exists due to improper authentication. A remote attacker can bypass authentication and gain access to the system.
How to mitigate CVE-2017-9630
PDQ recommends that users apply the following controls:
- Always make sure any PDQ equipment is not accessible from the Internet; it should be behind a secure firewall.
- Whenever a machine or router is received and installed, always change the default password from the factory settings to a new password unique to the machine. If an existing site is still using the factory default passwords on a machine or router, immediately change the default password to a new, unique, strong password.
- Always set up the system network (router or Wi-Fi) with its security features enabled such that they require a username and password to be able to access the machine network.
- Do not set up the site router with “port forwarding” enabled. This can effectively expose the system to the Internet and may permit an unauthorized person to reach the machine login screen.
- Do not share passwords or write them down in an accessible place where unauthorized users may find them.