Reference: Samsung and some Dell printers, Remote Disclosure of Information. (CERT-EU Security Advisory 2012-0138)

Title: Samsung and some Dell printers, Remote Disclosure of Information.

Version history:
03.12.2012 Initial publication

Summary
=======
Samsung printers and some Dell printers manufactured by Samsung contain an SNMP account that could be used to get privileged access to the devices.

CVE number: CVE-2012-4964
CVSS Score: 7.5 [1]

Vulnerable systems
==================
Samsung printers with firmware prior to 12-31-2012.

Original Details
================
Samsung printers (as well as some Dell printers manufactured by Samsung) contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility. A remote, unauthenticated attacker could access an affected device with administrative read/write privileges.

References: VU#281184

What can you do?
================
There is no patch available for the moment; one will be published at the end of the year. According to the reporter, blocking port 1118/udp helps to mitigate the risk. As a general recommendation, restrict access from untrusted networks.

What to tell your users?
========================
N/A

More information
================
[1] http://web.nvd.nist.gov/view/vuln/search-results?query=CVE-2012-4964&search_type=all&cves=on
[2] http://www.kb.cert.org/vuls/id/281284

Best regards,
CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
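
The mitigation under "What can you do?" (blocking 1118/udp and restricting access from untrusted networks) can be checked against firewall or flow logs. The script below is an added example, not part of the CERT-EU advisory; the log format, the printer and management network ranges, and the sample records are constructed assumptions.

```python
import ipaddress

# Assumptions (not from the advisory): printer subnet, trusted management
# network, and a simple "src dst proto dport action" flow-log format.
PRINTER_NETS = [ipaddress.ip_network("10.20.30.0/24")]
TRUSTED_NETS = [ipaddress.ip_network("10.20.1.0/28")]
MITIGATED_PORT = ("udp", 1118)  # port named in the advisory's mitigation

# Constructed sample flow records.
SAMPLE_LOG = """\
10.20.1.5 10.20.30.17 udp 1118 ALLOW
192.0.2.44 10.20.30.17 udp 1118 ALLOW
192.0.2.44 10.20.30.18 udp 1118 DENY
10.20.40.9 10.20.30.17 tcp 9100 ALLOW
198.51.100.7 10.20.30.21 udp 1118 ALLOW
not a flow record
10.20.40.9 10.20.50.3 udp 1118 ALLOW
"""

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def find_exposures(log_text):
    """Return (src, dst) pairs where an untrusted host reached a printer on 1118/udp."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        src, dst, proto, dport, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if (proto.lower(), port) != MITIGATED_PORT or action.upper() != "ALLOW":
            continue  # only allowed traffic on the mitigated port matters
        if _in_any(dst_ip, PRINTER_NETS) and not _in_any(src_ip, TRUSTED_NETS):
            hits.append((src, dst))
    return hits

if __name__ == "__main__":
    for src, dst in find_exposures(SAMPLE_LOG):
        print(f"1118/udp to printer {dst} allowed from untrusted source {src}")
```

Any pair it reports is a path on which the block is not yet effective.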