Vulnerabilites related to lexmark - cx860de
var-201604-0425
Vulnerability from variot
Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory. Lexmarkprinter is a printer product. Lexmarkprinter has an information disclosure vulnerability that prevents local attackers from obtaining sensitive information by directly reading non-volatile memory due to failure to properly handle ErasePrinterMemory and EraseHardDisk operations. Multiple Lexmark Prrinters are prone to an unspecified local information-disclosure vulnerability. The following versions are affected: Lexmark using ATL versions prior to ATL.021.063, CB versions prior to CB.021.063, PP versions prior to PP.021.063, and YK versions prior to YK.021.063
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0425", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "printer", scope: "gte", trust: 1, vendor: "lexmark", version: "pp", }, { model: "printer", scope: "gte", trust: 1, vendor: "lexmark", version: "yk", }, { model: "printer", scope: "gte", trust: 1, vendor: "lexmark", version: "atl", }, { model: "printer", scope: "lte", trust: 1, vendor: "lexmark", version: "yk.021.057", }, { model: "printer", scope: "lte", trust: 1, vendor: "lexmark", version: "yk.021.062", }, { model: "printer", scope: "lte", trust: 1, vendor: "lexmark", version: "pp.021.062", }, { model: "printer", scope: "lte", trust: 1, vendor: "lexmark", version: "cb.021.062", }, { model: "printer", scope: "lte", trust: 1, vendor: "lexmark", version: "atl.021.062", }, { model: "printer", scope: "gte", trust: 1, vendor: "lexmark", version: "cb", }, { model: "xc8155de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cs820de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "printer", scope: "lt", trust: 0.8, vendor: "lexmark", version: "pp", }, { model: "cx860de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx825dtfe", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "printer", scope: "eq", trust: 0.8, vendor: "lexmark", version: "yk.021.063", }, { model: "cx825dte", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "xc8160de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cs720de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "xc8155dte", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "xc6152de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx860dte", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "printer", scope: "lt", trust: 0.8, vendor: "lexmark", version: "atl", }, { model: "printer", scope: "lt", trust: 0.8, vendor: "lexmark", version: "yk", }, { model: "cs725dte", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "printer", scope: "eq", trust: 0.8, vendor: "lexmark", version: "pp.021.063", }, { model: "xc6152dtfe", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "xc4150", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx820dtfe", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cs820dtfe", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "printer", scope: "eq", trust: 0.8, vendor: "lexmark", version: "cb.021.063", }, { model: "c6160", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "c4150", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx860dtfe", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "printer", scope: "lt", trust: 0.8, vendor: "lexmark", version: "cb", }, { model: "cs820dte", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx725de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx820de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx825de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx725dthe", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "xc8160dte", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx725dhe", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cs725de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cs720dte", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "printer", scope: "eq", trust: 0.8, vendor: "lexmark", version: "atl.021.063", }, { model: "printer", scope: null, trust: 0.6, vendor: "lexmark", version: null, }, { model: "printer", scope: "eq", trust: 0.6, vendor: "lexmark", version: "cb.021.062", }, { model: "printer", scope: "eq", trust: 0.6, vendor: "lexmark", version: "atl.021.062", }, { model: "printer", scope: "eq", trust: 0.6, vendor: "lexmark", version: "yk.021.057", }, { model: "printer", scope: "eq", trust: 0.6, vendor: "lexmark", version: "pp.021.062", }, { model: "printer", scope: "eq", trust: 0.6, vendor: "lexmark", version: "yk.021.062", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-02640", }, { db: "JVNDB", id: "JVNDB-2016-002700", }, { db: "CNNVD", id: "CNNVD-201604-516", }, { db: "NVD", id: "CVE-2016-3145", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/h:lexmark:c4150", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:c6160", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cs720de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cs720dte", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cs725de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cs725dte", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cs820de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cs820dte", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cs820dtfe", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx725de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx725dhe", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx725dthe", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx820de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx820dtfe", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx825de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx825dte", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx825dtfe", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx860de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx860dte", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx860dtfe", vulnerable: true, }, { cpe22Uri: "cpe:/o:lexmark:printer_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:xc4150", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:xc6152de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:xc6152dtfe", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:xc8155de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:xc8155dte", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:xc8160de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:xc8160dte", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-002700", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Lexmark", sources: [ { db: "BID", id: "89168", }, ], trust: 0.3, }, cve: "CVE-2016-3145", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-2016-3145", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 1.8, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "SINGLE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.6, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.1, id: "CNVD-2016-02640", impactScore: 6.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:L/AC:L/Au:S/C:C/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "VHN-91964", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.1, vectorString: "AV:L/AC:L/AU:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "PHYSICAL", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.9, id: "CVE-2016-3145", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-3145", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2016-3145", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2016-02640", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201604-516", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-91964", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2016-02640", }, { db: "VULHUB", id: "VHN-91964", }, { db: "JVNDB", id: "JVNDB-2016-002700", }, { db: "CNNVD", id: "CNNVD-201604-516", }, { db: "NVD", id: "CVE-2016-3145", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory. Lexmarkprinter is a printer product. Lexmarkprinter has an information disclosure vulnerability that prevents local attackers from obtaining sensitive information by directly reading non-volatile memory due to failure to properly handle ErasePrinterMemory and EraseHardDisk operations. Multiple Lexmark Prrinters are prone to an unspecified local information-disclosure vulnerability. The following versions are affected: Lexmark using ATL versions prior to ATL.021.063, CB versions prior to CB.021.063, PP versions prior to PP.021.063, and YK versions prior to YK.021.063", sources: [ { db: "NVD", id: "CVE-2016-3145", }, { db: "JVNDB", id: "JVNDB-2016-002700", }, { db: "CNVD", id: "CNVD-2016-02640", }, { db: "BID", id: "89168", }, { db: "VULHUB", id: "VHN-91964", }, ], trust: 2.52, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-3145", trust: 3.4, }, { db: "JVNDB", id: "JVNDB-2016-002700", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201604-516", trust: 0.7, }, { db: "CNVD", id: "CNVD-2016-02640", trust: 0.6, }, { db: "BID", id: "89168", trust: 0.4, }, { db: "VULHUB", id: "VHN-91964", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-02640", }, { db: "VULHUB", id: "VHN-91964", }, { db: "BID", id: "89168", }, { db: "JVNDB", id: "JVNDB-2016-002700", }, { db: "CNNVD", id: "CNNVD-201604-516", }, { db: "NVD", id: "CVE-2016-3145", }, ], }, id: "VAR-201604-0425", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2016-02640", }, { db: "VULHUB", id: "VHN-91964", }, ], trust: 1.2999999999999998, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-02640", }, ], }, last_update_date: "2024-11-23T23:09:12.705000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "TE760", trust: 0.8, url: "http://support.lexmark.com/index?page=content&id=TE760", }, { title: "Lexmark Printer Sensitive Information Disclosure Vulnerability Patch", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/74772", }, { title: "Lexmark Fixes for printer security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61205", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-02640", }, { db: "JVNDB", id: "JVNDB-2016-002700", }, { db: "CNNVD", id: "CNNVD-201604-516", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-200", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-91964", }, { db: "JVNDB", id: "JVNDB-2016-002700", }, { db: "NVD", id: "CVE-2016-3145", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "http://support.lexmark.com/index?page=content&id=te760", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3145", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3145", }, { trust: 0.6, url: "http://support.lexmark.com/index?page=content&id=te760&locale=it&userlocale=it_it", }, { trust: 0.3, url: "http://www.lexmark.com/", }, { trust: 0.1, url: "http://support.lexmark.com/index?page=content&id=te760", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-02640", }, { db: "VULHUB", id: "VHN-91964", }, { db: "BID", id: "89168", }, { db: "JVNDB", id: "JVNDB-2016-002700", }, { db: "CNNVD", id: "CNNVD-201604-516", }, { db: "NVD", id: "CVE-2016-3145", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2016-02640", }, { db: "VULHUB", id: "VHN-91964", }, { db: "BID", id: "89168", }, { db: "JVNDB", id: "JVNDB-2016-002700", }, { db: "CNNVD", id: "CNNVD-201604-516", }, { db: "NVD", id: "CVE-2016-3145", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-04-27T00:00:00", db: "CNVD", id: "CNVD-2016-02640", }, { date: "2016-04-22T00:00:00", db: "VULHUB", id: "VHN-91964", }, { date: "2016-04-07T00:00:00", db: "BID", id: "89168", }, { date: "2016-05-17T00:00:00", db: "JVNDB", id: "JVNDB-2016-002700", }, { date: "2016-04-22T00:00:00", db: "CNNVD", id: "CNNVD-201604-516", }, { date: "2016-04-22T00:59:09.493000", db: "NVD", id: "CVE-2016-3145", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-04-27T00:00:00", db: "CNVD", id: "CNVD-2016-02640", }, { date: "2019-08-28T00:00:00", db: "VULHUB", id: "VHN-91964", }, { date: "2016-04-07T00:00:00", db: "BID", id: "89168", }, { date: "2016-05-17T00:00:00", db: "JVNDB", id: "JVNDB-2016-002700", }, { date: "2019-08-29T00:00:00", db: "CNNVD", id: "CNNVD-201604-516", }, { date: "2024-11-21T02:49:28.127000", db: "NVD", id: "CVE-2016-3145", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "BID", id: "89168", }, { db: "CNNVD", id: "CNNVD-201604-516", }, ], trust: 0.9, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Lexmark Vulnerability in obtaining important information in printer firmware", sources: [ { db: "JVNDB", id: "JVNDB-2016-002700", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-201604-516", }, ], trust: 0.6, }, }
var-201601-0529
Vulnerability from variot
Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlAuthentication may be circumvented by a third party using unauthorized detection of the security jumper status. Lexmarkprinter is a printer product from Lexmark. A remote attacker bypasses authentication by incorrect detection of the security-jumper state. Lexmark Laser Printers are prone to a local authentication-bypass vulnerability. A local attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. The following versions are affected: Lexmark printers using ATL versions prior to ATL.02.049, CB versions prior to CB.02.049, PP versions prior to PP.02.049, and YK versions prior to YK.02.049
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0529", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "printer", scope: "lte", trust: 1, vendor: "lexmark", version: "yk.02.048", }, { model: "printer", scope: "lte", trust: 1, vendor: "lexmark", version: "cb.02.048", }, { model: "printer", scope: "lte", trust: 1, vendor: "lexmark", version: "pp.02.048", }, { model: "printer", scope: "lte", trust: 1, vendor: "lexmark", version: "atl.02.048", }, { model: "xc8155de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cs820de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "printer", scope: "lt", trust: 0.8, vendor: "lexmark", version: "pp", }, { model: "cx860de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx825dtfe", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx825dte", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "xc8160de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cs720de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "xc8155dte", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "printer", scope: "eq", trust: 0.8, vendor: "lexmark", version: "pp.02.049", }, { model: "cx860dte", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "printer", scope: "lt", trust: 0.8, vendor: "lexmark", version: "atl", }, { model: "xc6152de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "printer", scope: "lt", trust: 0.8, vendor: "lexmark", version: "yk", }, { model: "cs725dte", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "xc6152dtfe", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "printer", scope: "eq", trust: 0.8, vendor: "lexmark", version: "atl.02.049", }, { model: "xc4150", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx820dtfe", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cs820dtfe", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "c6160", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "c4150", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx860dtfe", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "printer", scope: "lt", trust: 0.8, vendor: "lexmark", version: "cb", }, { model: "cs820dte", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx725de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx820de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx825de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx725dthe", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "printer", scope: "eq", trust: 0.8, vendor: "lexmark", version: "cb.02.049", }, { model: "xc8160dte", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cx725dhe", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cs725de", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "cs720dte", scope: null, trust: 0.8, vendor: "lexmark", version: null, }, { model: "printer", scope: "eq", trust: 0.8, vendor: "lexmark", version: "yk.02.049", }, { model: "laser printer atl.02.049", scope: "lt", trust: 0.6, vendor: "lexmark", version: null, }, { model: "laser printer cb", scope: null, trust: 0.6, vendor: "lexmark", version: null, }, { model: "laser printer pp", scope: null, trust: 0.6, vendor: "lexmark", version: null, }, { model: "laser printer yk", scope: null, trust: 0.6, vendor: "lexmark", version: null, }, { model: "printer", scope: "eq", trust: 0.6, vendor: "lexmark", version: "atl.02.048", }, { model: "printer", scope: "eq", trust: 0.6, vendor: "lexmark", version: "pp.02.048", }, { model: "printer", scope: "eq", trust: 0.6, vendor: "lexmark", version: "cb.02.048", }, { model: "printer", scope: "eq", trust: 0.6, vendor: "lexmark", version: "yk.02.048", }, { model: "xc8160dte pp.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "xc8160de pp.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "xc8155dte pp.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "xc8155de pp.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "xc6152dtfe pp.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "xc6152de pp.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "xc4150 atl.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx860dtfe pp.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx860dte pp.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx860de pp.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx825dtfe pp.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx825dte pp.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx825de pp.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx820dtfe pp.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx820de pp.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx725dthe atl.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx725dhe atl.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx725de atl.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cs820dtfe yk.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cs820dte yk.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cs820de yk.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cs725de cb.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cs720dte cb.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "cs720de cb.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "c6160 yk.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "c4150 cb.02.048", scope: null, trust: 0.3, vendor: "lexmark", version: null, }, { model: "xc8160dte pp.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "xc8160de pp.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "xc8155dte pp.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "xc8155de pp.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "xc6152dtfe pp.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "xc6152de pp.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "xc4150 atl.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx860dtfe pp.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx860dte pp.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx860de pp.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx825dtfe pp.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx825dte pp.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx825de pp.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx820dtfe pp.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx820de pp.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx725dthe atl.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx725dhe atl.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cx725de atl.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cs820dtfe yk.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cs820dte yk.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cs820de yk.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cs725de cb.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cs720dte cb.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "cs720de cb.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "c6160 yk.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, { model: "c4150 cb.02.049", scope: "ne", trust: 0.3, vendor: "lexmark", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-00801", }, { db: "BID", id: "82117", }, { db: "JVNDB", id: "JVNDB-2016-001341", }, { db: "CNNVD", id: "CNNVD-201601-647", }, { db: "NVD", id: "CVE-2016-1896", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/h:lexmark:c4150", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:c6160", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cs720de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cs720dte", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cs725de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cs725dte", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cs820de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cs820dte", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cs820dtfe", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx725de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx725dhe", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx725dthe", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx820de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx820dtfe", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx825de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx825dte", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx825dtfe", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx860de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx860dte", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:cx860dtfe", vulnerable: true, }, { cpe22Uri: "cpe:/o:lexmark:printer_firmware", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:xc4150", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:xc6152de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:xc6152dtfe", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:xc8155de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:xc8155dte", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:xc8160de", vulnerable: true, }, { cpe22Uri: "cpe:/h:lexmark:xc8160dte", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-001341", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported the issue.", sources: [ { db: "BID", id: "82117", }, ], trust: 0.3, }, cve: "CVE-2016-1896", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2016-1896", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.8, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2016-00801", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "VHN-90715", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2016-1896", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-1896", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2016-1896", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2016-00801", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201601-647", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-90715", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2016-00801", }, { db: "VULHUB", id: "VHN-90715", }, { db: "JVNDB", id: "JVNDB-2016-001341", }, { db: "CNNVD", id: "CNNVD-201601-647", }, { db: "NVD", id: "CVE-2016-1896", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlAuthentication may be circumvented by a third party using unauthorized detection of the security jumper status. Lexmarkprinter is a printer product from Lexmark. A remote attacker bypasses authentication by incorrect detection of the security-jumper state. Lexmark Laser Printers are prone to a local authentication-bypass vulnerability. \nA local attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. The following versions are affected: Lexmark printers using ATL versions prior to ATL.02.049, CB versions prior to CB.02.049, PP versions prior to PP.02.049, and YK versions prior to YK.02.049", sources: [ { db: "NVD", id: "CVE-2016-1896", }, { db: "JVNDB", id: "JVNDB-2016-001341", }, { db: "CNVD", id: "CNVD-2016-00801", }, { db: "BID", id: "82117", }, { db: "VULHUB", id: "VHN-90715", }, ], trust: 2.52, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-1896", trust: 3.4, }, { db: "JVNDB", id: "JVNDB-2016-001341", trust: 0.8, }, { db: "CNVD", id: "CNVD-2016-00801", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201601-647", trust: 0.6, }, { db: "BID", id: "82117", trust: 0.4, }, { db: "VULHUB", id: "VHN-90715", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-00801", }, { db: "VULHUB", id: "VHN-90715", }, { db: "BID", id: "82117", }, { db: "JVNDB", id: "JVNDB-2016-001341", }, { db: "CNNVD", id: "CNNVD-201601-647", }, { db: "NVD", id: "CVE-2016-1896", }, ], }, id: "VAR-201601-0529", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2016-00801", }, { db: "VULHUB", id: "VHN-90715", }, ], trust: 1.5, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-00801", }, ], }, last_update_date: "2024-11-23T22:22:47.355000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "TE745", trust: 0.8, url: "http://support.lexmark.com/index?page=content&id=TE745", }, { title: "Lexmark printer competition conditional vulnerability patch", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/71102", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-00801", }, { db: "JVNDB", id: "JVNDB-2016-001341", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-264", trust: 1.9, }, { problemtype: "CWE-254", trust: 1.1, }, { problemtype: "CWE-Other", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-90715", }, { db: "JVNDB", id: "JVNDB-2016-001341", }, { db: "NVD", id: "CVE-2016-1896", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "http://support.lexmark.com/index?page=content&id=te745", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1896", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1896", }, { trust: 0.7, url: "http://support.lexmark.com/index?page=content&id=te745", }, { trust: 0.3, url: "http://www.lexmark.com/", }, { trust: 0.3, url: "http://support.lexmark.com/index?page=content&id=te745&locale=en&userlocale=en_us", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-00801", }, { db: "VULHUB", id: "VHN-90715", }, { db: "BID", id: "82117", }, { db: "JVNDB", id: "JVNDB-2016-001341", }, { db: "CNNVD", id: "CNNVD-201601-647", }, { db: "NVD", id: "CVE-2016-1896", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2016-00801", }, { db: "VULHUB", id: "VHN-90715", }, { db: "BID", id: "82117", }, { db: "JVNDB", id: "JVNDB-2016-001341", }, { db: "CNNVD", id: "CNNVD-201601-647", }, { db: "NVD", id: "CVE-2016-1896", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-02-03T00:00:00", db: "CNVD", id: "CNVD-2016-00801", }, { date: "2016-01-27T00:00:00", db: "VULHUB", id: "VHN-90715", }, { date: "2016-01-25T00:00:00", db: "BID", id: "82117", }, { date: "2016-02-02T00:00:00", db: "JVNDB", id: "JVNDB-2016-001341", }, { date: "2016-01-28T00:00:00", db: "CNNVD", id: "CNNVD-201601-647", }, { date: "2016-01-27T05:59:04.307000", db: "NVD", id: "CVE-2016-1896", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-02-03T00:00:00", db: "CNVD", id: "CNVD-2016-00801", }, { date: "2016-02-01T00:00:00", db: "VULHUB", id: "VHN-90715", }, { date: "2016-01-25T00:00:00", db: "BID", id: "82117", }, { date: "2016-02-02T00:00:00", db: "JVNDB", id: "JVNDB-2016-001341", }, { date: "2016-01-28T00:00:00", db: "CNNVD", id: "CNNVD-201601-647", }, { date: "2024-11-21T02:47:16.937000", db: "NVD", id: "CVE-2016-1896", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201601-647", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Lexmark Vulnerability that bypasses authentication in printer firmware initialization process", sources: [ { db: "JVNDB", id: "JVNDB-2016-001341", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "permissions and access control", sources: [ { db: "CNNVD", id: "CNNVD-201601-647", }, ], trust: 0.6, }, }
Vulnerability from fkie_nvd
Published
2016-04-22 00:59
Modified
2024-11-21 02:49
Severity ?
Summary
Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://support.lexmark.com/index?page=content&id=TE760 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.lexmark.com/index?page=content&id=TE760 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lexmark | printer_firmware | * | |
| lexmark | cx820de | - | |
| lexmark | cx820dtfe | - | |
| lexmark | cx825de | - | |
| lexmark | cx825dte | - | |
| lexmark | cx825dtfe | - | |
| lexmark | cx860de | - | |
| lexmark | cx860dte | - | |
| lexmark | cx860dtfe | - | |
| lexmark | xc6152de | - | |
| lexmark | xc6152dtfe | - | |
| lexmark | xc8155de | - | |
| lexmark | xc8155dte | - | |
| lexmark | xc8160de | - | |
| lexmark | xc8160dte | - | |
| lexmark | printer_firmware | * | |
| lexmark | c4150 | - | |
| lexmark | cs720de | - | |
| lexmark | cs720dte | - | |
| lexmark | cs725de | - | |
| lexmark | cs725dte | - | |
| lexmark | printer_firmware | * | |
| lexmark | c6160 | - | |
| lexmark | printer_firmware | * | |
| lexmark | cs820de | - | |
| lexmark | cs820dte | - | |
| lexmark | cs820dtfe | - | |
| lexmark | printer_firmware | * | |
| lexmark | cx725de | - | |
| lexmark | cx725dhe | - | |
| lexmark | cx725dthe | - | |
| lexmark | xc4150 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FEAC5802-B92B-4895-8C63-4FFD599644C1", versionEndIncluding: "pp.021.062", versionStartIncluding: "pp", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lexmark:cx820de:-:*:*:*:*:*:*:*", matchCriteriaId: "67527A88-0DC6-4E7B-A1F0-CE472C19D9F1", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx820dtfe:-:*:*:*:*:*:*:*", matchCriteriaId: "EB1FFAD9-EED0-49A8-9123-3046B07B4681", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx825de:-:*:*:*:*:*:*:*", matchCriteriaId: "90B573EB-7A2D-4178-886F-03998D0BEFD1", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx825dte:-:*:*:*:*:*:*:*", matchCriteriaId: "21CEFE60-AD40-44F4-9B40-321D348BA3AD", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx825dtfe:-:*:*:*:*:*:*:*", matchCriteriaId: "E6A5F3CB-C008-4C62-AB60-4B89FCDA1DB0", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx860de:-:*:*:*:*:*:*:*", matchCriteriaId: "6FEE5761-0C06-4478-B1EC-EA33F1F6DEF2", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx860dte:-:*:*:*:*:*:*:*", matchCriteriaId: "021A4710-334E-4993-B471-43B4CE5976B8", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx860dtfe:-:*:*:*:*:*:*:*", matchCriteriaId: "39F645E6-472B-4FCA-8AD7-5B420A558FEB", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:xc6152de:-:*:*:*:*:*:*:*", matchCriteriaId: "09B4032F-D131-4E49-A58C-7363436BC78D", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:xc6152dtfe:-:*:*:*:*:*:*:*", matchCriteriaId: "0C61A938-34A3-48C0-9688-48EAFE2D4A24", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:xc8155de:-:*:*:*:*:*:*:*", matchCriteriaId: "DFAE4AEF-F23B-404D-BC1A-BA2441FAB10A", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:xc8155dte:-:*:*:*:*:*:*:*", matchCriteriaId: "4B117121-240E-440F-BF7E-B8F808E918F9", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:xc8160de:-:*:*:*:*:*:*:*", matchCriteriaId: "2631BC7C-CA86-4581-A3AD-FBE61244F1E8", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:xc8160dte:-:*:*:*:*:*:*:*", matchCriteriaId: "A41A9CAA-CF8A-48F2-AECB-D16C415A42AA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CE80275C-40AD-4BEC-AF9D-8BFB9A42929E", versionEndIncluding: "cb.021.062", versionStartIncluding: "cb", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lexmark:c4150:-:*:*:*:*:*:*:*", matchCriteriaId: "324EC762-1276-4121-916B-9981925F242D", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cs720de:-:*:*:*:*:*:*:*", matchCriteriaId: "E1427A6D-CEA4-440C-B10A-36E17082F792", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cs720dte:-:*:*:*:*:*:*:*", matchCriteriaId: "70D39A4C-568A-45CC-9C08-45CC4E6E32A0", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cs725de:-:*:*:*:*:*:*:*", matchCriteriaId: "C5573FDD-3B85-4477-807D-B4C0A5998622", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cs725dte:-:*:*:*:*:*:*:*", matchCriteriaId: "F4ACBB26-772F-4D32-97C0-F497A726E31A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "62767ADB-755F-4328-8A0B-4DF204950A2F", versionEndIncluding: "yk.021.062", versionStartIncluding: "yk", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lexmark:c6160:-:*:*:*:*:*:*:*", matchCriteriaId: "48E10C08-E129-4482-92B1-67FD6C0D0407", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1BE2AA7A-1B70-4912-89F8-97559B225F6F", versionEndIncluding: "yk.021.057", versionStartIncluding: "yk", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lexmark:cs820de:-:*:*:*:*:*:*:*", matchCriteriaId: "3625CB80-4EC1-47F4-8065-7459F5D14D0D", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cs820dte:-:*:*:*:*:*:*:*", matchCriteriaId: "156414A8-0F64-48F0-A17F-A536B4B16EEF", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cs820dtfe:-:*:*:*:*:*:*:*", matchCriteriaId: "5E42F25E-B296-4FFA-A41E-3CFA226697CF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A75C59E7-0B30-4C10-ABFE-BB6AF7FB6118", versionEndIncluding: "atl.021.062", versionStartIncluding: "atl", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lexmark:cx725de:-:*:*:*:*:*:*:*", matchCriteriaId: "9072D963-3E31-4315-8F36-649F24E335BB", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx725dhe:-:*:*:*:*:*:*:*", matchCriteriaId: "FA61A0D6-A19E-43AB-A1D7-C18728CB527B", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx725dthe:-:*:*:*:*:*:*:*", matchCriteriaId: "79F1E777-79E7-47EB-8715-72ED79B46E5D", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:xc4150:-:*:*:*:*:*:*:*", matchCriteriaId: "74A27B92-5F83-4280-93EA-31F115408405", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.", }, { lang: "es", value: "Impresoras Lexmark con firmware ATL en versiones anteriores a ATL.021.063, CB en versiones anteriores a CB.021.063, PP en versiones anteriores a PP.021.063 y YK en versiones anteriores a YK.021.063 maneja incorectamente las acciones Erase Printer Memory y Erase Hard Disk, lo que permite a atacantes físicamente próximos obtener información sensible a través de lectura directa de operaciones sobre memoria no volátil.", }, ], id: "CVE-2016-3145", lastModified: "2024-11-21T02:49:28.127", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-22T00:59:09.493", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.lexmark.com/index?page=content&id=TE760", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.lexmark.com/index?page=content&id=TE760", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-01-27 05:59
Modified
2024-11-21 02:47
Severity ?
Summary
Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://support.lexmark.com/index?page=content&id=TE745 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.lexmark.com/index?page=content&id=TE745 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lexmark | printer_firmware | * | |
| lexmark | c4150 | * | |
| lexmark | cs720de | * | |
| lexmark | cs720dte | * | |
| lexmark | cs725de | * | |
| lexmark | cs725dte | * | |
| lexmark | printer_firmware | * | |
| lexmark | cx725de | * | |
| lexmark | cx725dhe | * | |
| lexmark | cx725dthe | * | |
| lexmark | xc4150 | * | |
| lexmark | printer_firmware | * | |
| lexmark | c6160 | * | |
| lexmark | cs820de | * | |
| lexmark | cs820dte | * | |
| lexmark | cs820dtfe | * | |
| lexmark | printer_firmware | * | |
| lexmark | cx820de | * | |
| lexmark | cx820dtfe | * | |
| lexmark | cx825de | * | |
| lexmark | cx825dte | * | |
| lexmark | cx825dtfe | * | |
| lexmark | cx860de | * | |
| lexmark | cx860dte | * | |
| lexmark | cx860dtfe | * | |
| lexmark | xc6152de | * | |
| lexmark | xc6152dtfe | * | |
| lexmark | xc8155de | * | |
| lexmark | xc8155dte | * | |
| lexmark | xc8160de | * | |
| lexmark | xc8160dte | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C29BEB30-DC3B-4922-9234-9F4CB9E2C048", versionEndIncluding: "cb.02.048", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lexmark:c4150:*:*:*:*:*:*:*:*", matchCriteriaId: "EF07C509-7E15-414C-9F1A-0DF8204136CC", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cs720de:*:*:*:*:*:*:*:*", matchCriteriaId: "0AD322C1-05F1-42AA-9F94-46F53E0529C0", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cs720dte:*:*:*:*:*:*:*:*", matchCriteriaId: "11E85F1B-AE5F-4515-A5E0-5FAE4DF22228", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cs725de:*:*:*:*:*:*:*:*", matchCriteriaId: "F637ED5E-EBAA-42FA-B1EC-5A62BC35C1AA", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cs725dte:*:*:*:*:*:*:*:*", matchCriteriaId: "36DF826B-6EE0-4C67-AB9C-56B86516EF07", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "46D65111-B7BC-4A60-83CB-0D3C2CF216DF", versionEndIncluding: "atl.02.048", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lexmark:cx725de:*:*:*:*:*:*:*:*", matchCriteriaId: "DE911CAA-BB40-462E-B7B1-08E6B8120536", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx725dhe:*:*:*:*:*:*:*:*", matchCriteriaId: "536113D5-F589-4EDA-A273-56B3E73450CC", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx725dthe:*:*:*:*:*:*:*:*", matchCriteriaId: "2E4B5588-09A3-4FA2-81D0-715B52902B02", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:xc4150:*:*:*:*:*:*:*:*", matchCriteriaId: "5BFB88AA-AA66-46E1-AA48-DA149E50A57C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8CDC2CBD-3940-4952-8546-E6EA66C0725F", versionEndIncluding: "yk.02.048", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lexmark:c6160:*:*:*:*:*:*:*:*", matchCriteriaId: "B4E4434A-93AE-494E-8D46-4F7BE14AFFCB", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cs820de:*:*:*:*:*:*:*:*", matchCriteriaId: "7FF541E0-D4DA-4B4C-8870-D3EC59EC9F83", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cs820dte:*:*:*:*:*:*:*:*", matchCriteriaId: "B79F4035-1CEC-488F-9066-83E48D19CAA9", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cs820dtfe:*:*:*:*:*:*:*:*", matchCriteriaId: "8CC04B20-E795-49B2-8A84-1F559409D770", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FB4760C3-77CB-4179-B7E9-79538C206498", versionEndIncluding: "pp.02.048", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lexmark:cx820de:*:*:*:*:*:*:*:*", matchCriteriaId: "B6CA052D-1DE0-45CC-8317-AE62D59179DA", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx820dtfe:*:*:*:*:*:*:*:*", matchCriteriaId: "4AD59709-2F7D-402B-8BEB-39F254B5F92A", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx825de:*:*:*:*:*:*:*:*", matchCriteriaId: "1751C220-21F2-4B00-BC83-4547C3EB549F", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx825dte:*:*:*:*:*:*:*:*", matchCriteriaId: "AE9956F4-B90F-4DF2-A010-162DE39C1586", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx825dtfe:*:*:*:*:*:*:*:*", matchCriteriaId: "7BA85370-DB44-4D02-AC9D-3F7732ABAF48", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx860de:*:*:*:*:*:*:*:*", matchCriteriaId: "1D26F568-042D-4247-A728-933AF110BC51", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx860dte:*:*:*:*:*:*:*:*", matchCriteriaId: "DCD0E198-C530-4FD3-AE96-5C75BDF2B7E7", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:cx860dtfe:*:*:*:*:*:*:*:*", matchCriteriaId: "43839086-5EA5-4FB6-B92D-378FECD3C9BD", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:xc6152de:*:*:*:*:*:*:*:*", matchCriteriaId: "0B0403F7-39BD-463F-83A2-3722AD2568B0", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:xc6152dtfe:*:*:*:*:*:*:*:*", matchCriteriaId: "4A553DB8-FA2D-4AFD-9B2D-96F52F90AECD", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:xc8155de:*:*:*:*:*:*:*:*", matchCriteriaId: "67CFD744-5BF8-4912-B9ED-68037528FDF4", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:xc8155dte:*:*:*:*:*:*:*:*", matchCriteriaId: "14DB6F86-9F8D-4065-BAFB-AF393FEDE24C", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:xc8160de:*:*:*:*:*:*:*:*", matchCriteriaId: "98059800-F8CE-4963-A3C8-7BFE2BEBE2A3", vulnerable: false, }, { criteria: "cpe:2.3:h:lexmark:xc8160dte:*:*:*:*:*:*:*:*", matchCriteriaId: "806FECDA-5A28-46E8-8AEA-534560B58042", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.", }, { lang: "es", value: "Condición de carrera en el proceso de inicialización en impresoras Lexmark con firmware ATL en versiones anteriores a ATL.02.049, CB en versiones anteriores a CB.02.049, PP en versiones anteriores a PP.02.049 y YK en versiones anteriores a YK.02.049 permite a atacantes remotos eludir la autenticación aprovechando una detección incorrecta del estado del puente de seguridad.", }, ], id: "CVE-2016-1896", lastModified: "2024-11-21T02:47:16.937", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-01-27T05:59:04.307", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.lexmark.com/index?page=content&id=TE745", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.lexmark.com/index?page=content&id=TE745", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-254", }, { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2016-1896
Vulnerability from cvelistv5
Published
2016-01-27 02:00
Modified
2024-08-05 23:10
Severity ?
EPSS score ?
Summary
Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.lexmark.com/index?page=content&id=TE745 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:10:39.948Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.lexmark.com/index?page=content&id=TE745", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-25T00:00:00", descriptions: [ { lang: "en", value: "Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-01-27T04:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://support.lexmark.com/index?page=content&id=TE745", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-1896", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://support.lexmark.com/index?page=content&id=TE745", refsource: "CONFIRM", url: "http://support.lexmark.com/index?page=content&id=TE745", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-1896", datePublished: "2016-01-27T02:00:00", dateReserved: "2016-01-13T00:00:00", dateUpdated: "2024-08-05T23:10:39.948Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3145
Vulnerability from cvelistv5
Published
2016-04-22 00:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.lexmark.com/index?page=content&id=TE760 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:47:57.988Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.lexmark.com/index?page=content&id=TE760", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-30T00:00:00", descriptions: [ { lang: "en", value: "Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-04-22T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://support.lexmark.com/index?page=content&id=TE760", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-3145", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://support.lexmark.com/index?page=content&id=TE760", refsource: "CONFIRM", url: "http://support.lexmark.com/index?page=content&id=TE760", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-3145", datePublished: "2016-04-22T00:00:00", dateReserved: "2016-03-14T00:00:00", dateUpdated: "2024-08-05T23:47:57.988Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }