Vulnerability CVE-2010-0101


Published: 2010-05-04   Modified: 2012-02-13

Description:
The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header.

Type: CWE-20 (Improper Input Validation)

Vendor: Lexmark
Product: C543 
Product: T654 
Product: 25xxn 
Product: N8130 
Product: E462 
Product: X86X 
Product: E350 
Product: X65X 
Product: E240n 
Product: X546 
Product: C935dn 
Product: X36X 
Product: C546 
Product: W840 
Product: C52X 
Product: T64X 
Product: N4050e 
Product: E360dn 
Product: X772e 
Product: E260 
Product: X644 
Product: E238 
Product: X46X 
Product: C77X 
Product: X20X 
Product: C540 
Product: T652 
Product: N8120 
Product: E460 
Product: X85X 
Product: E34X 
Product: X64xef 
Product: E240 
Product: X544 
Product: C920 
Product: X34X 
Product: C544 
Product: T656 
Product: C510 
Product: T430 
Product: N4000 
Product: X94X 
Product: E360d 
Product: X73X 
Product: E250 
Product: X642 
Product: E120 
Product: X422 
Product: C73X 
Product: W850 
Product: C53X 
Product: T650 
Product: N70xxe 
Product: E450 
Product: X782e 
Product: E33X 
Product: X646 
Product: E23X 
Product: X543 
Product: C78X 
Product: X26X 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

 References:
http://support.lexmark.com/index?page=content&id=TE87&locale=EN&userlocale=EN_US

Related CVE
CVE-2018-17944
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent the...
CVE-2019-6489
Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts.
CVE-2017-13771
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/...
CVE-2017-2821
An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution.
CVE-2017-2822
An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user cont...
CVE-2017-2806
An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to an arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versi...
CVE-2016-5646
An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malforme...
CVE-2016-4335
An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulting in remote code execution.

Copyright 2019, cxsecurity.com
