Vulnerability CVE-2013-6032


Published: 2014-02-04

Description:
cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.

See advisories in our WLB2 database:
Topic: Lexmark config.html remote remove admin password (severity: High)
Author: USCERT
Date: 06.02.2014

Type: CWE-20 (Improper Input Validation)

Vendor: Lexmark
Product: C920 
Version: ls.ta.p152;
Product: C53X 
Version: ls.sw.p069;
Product: T64X 
Version: ls.st.p343;
Product: W840 
Version: ls.ha.p252;
Product: C52X 
Version: ls.fa.p150;
Product: E450 
Version: lm.sz.p124;
Product: E250 
Version: le.pm.p126;
Product: E350 
Version: le.ph.p129;
Product: 25xxn 
Version: lcl.cu.p114;
Product: X85X 
Version: lc4.be.p487;
Product: X644 
Version: lc4.be.p487;
Product: X772 
Version: lc2.tr.p291;
Product: X64xef 
Version: lc2.ti.p325;
Product: X646 
Version: lc2.mc.p373;
Product: X642 
Version: lc2.mb.p318;
Product: X78X 
Version: lc2.io.p335;
Product: N4000 
Version: lc.md.p119;
Product: C935dn 
Version: lc.jo.p091;
Product: C78X 
Version: lc.io.p187;
Product: N70xxe 
Version: lc.co.n309;
Product: C77X 
Version: lc.cm.p052;
Product: X94X 
Version: lc.br.p141;
Product: N4050e 
Version: go.go.n206;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://www.kb.cert.org/vuls/id/108062
http://support.lexmark.com/index?page=content&id=TE586

Related CVE
CVE-2019-9933
Various Lexmark products have a Buffer Overflow (issue 3 of 3).
CVE-2019-9932
Various Lexmark products have a Buffer Overflow (issue 2 of 3).
CVE-2019-9931
Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device.
CVE-2019-9930
Various Lexmark products have an Integer Overflow.
CVE-2019-10059
The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices.
CVE-2019-10057
Various Lexmark products have CSRF.
CVE-2019-9935
Various Lexmark products have Incorrect Access Control (issue 2 of 2).
CVE-2019-9934
Various Lexmark products have Incorrect Access Control (issue 1 of 2).

Copyright 2019, cxsecurity.com