Vulnerability CVE-2010-0101


Published: 2010-05-04   Modified: 2012-02-13

Description:
The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header.

Type: CWE-20 (Improper Input Validation)

Vendor: Lexmark
Product: C543 
Product: T654 
Product: 25xxn 
Product: N8130 
Product: X86X 
Product: E462 
Product: X65X 
Product: E350 
Product: X546 
Product: E240n 
Product: X36X 
Product: C935dn 
Product: C546 
Product: W840 
Product: C52X 
Product: T64X 
Product: N4050e 
Product: X772e 
Product: E360dn 
Product: X644 
Product: E260 
Product: X46X 
Product: E238 
Product: X20X 
Product: C77X 
Product: C540 
Product: T652 
Product: N8120 
Product: X85X 
Product: E460 
Product: X64xef 
Product: E34X 
Product: X544 
Product: E240 
Product: X34X 
Product: C920 
Product: C544 
Product: T656 
Product: C510 
Product: T430 
Product: X94X 
Product: N4000 
Product: X73X 
Product: E360d 
Product: X642 
Product: E250 
Product: X422 
Product: E120 
Product: C73X 
Product: W850 
Product: C53X 
Product: T650 
Product: N70xxe 
Product: X782e 
Product: E450 
Product: X646 
Product: E33X 
Product: X543 
Product: E23X 
Product: X26X 
Product: C78X 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

References:
http://support.lexmark.com/index?page=content&id=TE87&locale=EN&userlocale=EN_US

Related CVE
CVE-2019-9933
Various Lexmark products have a Buffer Overflow (issue 3 of 3).
CVE-2019-9932
Various Lexmark products have a Buffer Overflow (issue 2 of 3).
CVE-2019-9931
Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device.
CVE-2019-9930
Various Lexmark products have an Integer Overflow.
CVE-2019-10059
The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices.
CVE-2019-10057
Various Lexmark products have CSRF.
CVE-2019-9935
Various Lexmark products have Incorrect Access Control (issue 2 of 2).
CVE-2019-9934
Various Lexmark products have Incorrect Access Control (issue 1 of 2).

Copyright 2019, cxsecurity.com

 
