FKIE_CVE-2017-7588

Vulnerability from fkie_nvd - Published: 2017-04-12 10:59 - Updated: 2025-04-20 01:37
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W.
References
cve@mitre.orghttps://cxsecurity.com/blad/WLB-2017040064
cve@mitre.orghttps://www.exploit-db.com/exploits/41863/
af854a3a-2127-422b-91ae-364da2661108https://cxsecurity.com/blad/WLB-2017040064
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/41863/
Impacted products
Vendor Product Version
brother mfc_firmware -
brother mfc-8710dw -
brother mfc-9130cw -
brother mfc-9330cdw -
brother mfc-9340cdw -
brother mfc-j3720 -
brother mfc-j4420dw -
brother mfc-j4620dw -
brother mfc-j5620dw -
brother mfc-j5910dw -
brother mfc-j6520dw -
brother mfc-j6720dw -
brother mfc-j6920dw -
brother mfc-j6973cdw -
brother mfc-l2700dw -
brother mfc-l2720dw -
brother mfc-l2740dw -
brother mfc-l8600cdw -
brother mfc-l8850cdw -
brother mfc-l9550cdw -
brother dcp_firmware -
brother dcp-l2520dw -
brother dcp-l2540dw -
brother ads_firmware -
brother ads-1000w -
brother ads-1500w -
brother ads-2500w -
brother hl_firmware -
brother hl-3140cw -
brother hl-3170cdw -
brother hl-3180cdw -
brother hl-l2380dw -
brother hl-l8350cdw -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:brother:mfc_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E75786C-418A-4C7D-9516-5328931391B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:brother:mfc-8710dw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "063EFDCB-ACA5-48CC-8ACB-B4C35AE82DE5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-9130cw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "620943CE-02CE-490D-9D92-6A46F591A002",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-9330cdw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F94C339-B174-4F36-AAC4-6F7B676E0A54",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-9340cdw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8096B8B-E830-4008-B970-11F7F86531DC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-j3720:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E30AFC7-51C8-4C89-81BD-5BE8E10FB789",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-j4420dw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EB4E3BE-698A-47D6-A4F4-B9CAA371ADCF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-j4620dw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4FF760-1267-4281-B1D0-80BBAFED9CDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-j5620dw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F34C514-2738-4206-8B23-2AC7EB0E900B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-j5910dw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFB8BFDB-0796-455F-8F0A-42A5885C1404",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-j6520dw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A349B90-B721-42FE-B136-726093F8FCD9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-j6720dw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0358966-552E-47B8-AAA9-8922609625E2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-j6920dw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C3D9CC-7C78-4171-95D7-7FD4CD6F0387",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-j6973cdw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA24CE5-445C-4980-B46A-B7715810BC7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-l2700dw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36099941-3EBD-44B5-8452-093EF433642E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-l2720dw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3B00252-5D1C-4922-A223-92958F945DB8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-l2740dw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6079C730-2332-429C-9833-BEB7081D2C92",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-l8600cdw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD70CBD-FF0C-4987-90B3-357F1F6D60A2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-l8850cdw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDCBA36B-4BE4-4C0D-ABDE-76A2A7B8E9FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:mfc-l9550cdw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "39596AFD-DA7E-4DED-B132-888CD804F44F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:brother:dcp_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B17165B-7D42-4DF0-9C26-638C37904476",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:brother:dcp-l2520dw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0445551D-01CA-435B-B4F4-79022C18237F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:dcp-l2540dw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "207F0E9F-29B1-4AEC-B0F1-14424060D61D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:brother:ads_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D9D4CB-E9E8-47C3-9826-1D2F976F864F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:brother:ads-1000w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F2240DC-9A63-49EA-9BC6-C12111839753",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:ads-1500w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4064DB43-1CD0-4149-85EC-AFD7B1CD062B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:ads-2500w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CD13640-29B4-4784-9A61-3922ECB6E0FA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:brother:hl_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B89B169-2D03-499C-9022-656124B5E8D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:brother:hl-3140cw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A36ADEE6-20CB-42AA-9E2F-F349DACAD75A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:hl-3170cdw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD6C1B8-1FAF-4A20-BDEA-B0377295DDDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:hl-3180cdw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB5A15D7-1C22-4C7C-927D-58A5451F6511",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:hl-l2380dw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF710C62-026C-4DA1-AD1E-AB95EC2BA9B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:brother:hl-l8350cdw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "024B4793-D380-4C28-8C83-0F37F3F5A0D1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W."
    },
    {
      "lang": "es",
      "value": "En ciertos dispositivos Brother, autorizaci\u00f3n es mal manejada incluyendo una cookie v\u00e1lida AuthCookie en la respuesta HTTP para un intento fallido de inicio de sesi\u00f3n. Modelos afectados son: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W."
    }
  ],
  "id": "CVE-2017-7588",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-12T10:59:00.337",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://cxsecurity.com/blad/WLB-2017040064"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/41863/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cxsecurity.com/blad/WLB-2017040064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/41863/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.