Check Point Advisories

Brother Devices Authorization Bypass (CVE-2017-7588)

Check Point Reference: CPAI-2017-1601
Date Published: 11 Jan 2023
Severity: Critical
Last Updated: Wednesday 11 January, 2023
Source:
Industry Reference: CVE-2017-7588
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?

Brother MFC-J6973CDW
Brother MFC-J4420DW
Brother MFC-8710DW
Brother MFC-J4620DW
Brother MFC-L8850CDW
Brother MFC-J3720
Brother MFC-J6520DW
Brother MFC-L2740DW
Brother MFC-J5910DW
Brother MFC-J6920DW
Brother MFC-L2700DW
Brother MFC-9130CW
Brother MFC-9330CDW
Brother MFC-9340CDW
Brother MFC-J5620DW
Brother MFC-J6720DW
Brother MFC-L8600CDW
Brother MFC-L9550CDW
Brother MFC-L2720DW
Brother DCP-L2540DW
Brother DCP-L2520DW
Brother HL-3140CW
Brother HL-3170CDW
Brother HL-3180CDW
Brother HL-L8350CDW
Brother HL-L2380DW
Brother ADS-2500W
Brother ADS-1000W
Brother ADS-1500W

Vulnerability Description

An authorization bypass vulnerability exists in Brother devices. The vulnerability lets remote users obtain a valid session ID on the Web UI without authentication. A remote, unauthenticated attacker could exploit the vulnerability by sending crafted requests to the target server.

Protection Overview

This protection detects attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click the Protection tab and select the version of your choice.

Security Gateway R81 / R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Brother Devices Authorization Bypass (CVE-2017-7588) protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Application Servers Protection Violation.
Attack Information:  Brother Devices Authorization Bypass (CVE-2017-7588)
