CVE-2017-7588

CVSS V2: High 10; CVSS V3: Critical 9.8
Description
On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW, MFC-J4420DW, MFC-8710DW, MFC-J4620DW, MFC-L8850CDW, MFC-J3720, MFC-J6520DW, MFC-L2740DW, MFC-J5910DW, MFC-J6920DW, MFC-L2700DW, MFC-9130CW, MFC-9330CDW, MFC-9340CDW, MFC-J5620DW, MFC-J6720DW, MFC-L8600CDW, MFC-L9550CDW, MFC-L2720DW, DCP-L2540DW, DCP-L2520DW, HL-3140CW, HL-3170CDW, HL-3180CDW, HL-L8350CDW, HL-L2380DW, ADS-2500W, ADS-1000W, ADS-1500W.
Overview
  • CVE ID: CVE-2017-7588
  • Assigner: cve@mitre.org
  • Vulnerability Status: Modified
  • Published Version: 2017-04-12T10:59:00
  • Last Modified Date: 2017-08-16T01:29:21
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:brother:mfc_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:brother:mfc-8710dw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-9130cw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-9330cdw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-9340cdw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-j3720:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-j4420dw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-j4620dw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-j5620dw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-j5910dw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-j6520dw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-j6720dw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-j6920dw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-j6973cdw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-l2700dw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-l2720dw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-l2740dw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-l8600cdw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-l8850cdw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:mfc-l9550cdw:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:brother:dcp_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:brother:dcp-l2520dw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:dcp-l2540dw:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:brother:ads_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:brother:ads-1000w:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:ads-1500w:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:ads-2500w:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:brother:hl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:brother:hl-3140cw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:hl-3170cdw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:hl-3180cdw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:hl-l2380dw:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:brother:hl-l8350cdw:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Base Score: 10
  • Severity: HIGH
  • Exploitability Score: 10
  • Impact Score: 10
CVSS Version 3
  • Version: 3.0
  • Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Availability Impact: HIGH
  • Base Score: 9.8
  • Base Severity: CRITICAL
  • Exploitability Score: 3.9
  • Impact Score: 5.9
History
Created Old Value New Value Data Type Notes
2022-05-10 09:02:46 Added to TrackCVE
2022-12-02 15:45:31 2017-04-12T10:59Z 2017-04-12T10:59:00 CVE Published Date updated
2022-12-02 15:45:31 2017-08-16T01:29:21 CVE Modified Date updated
2022-12-02 15:45:31 Modified Vulnerability Status updated