Vulnerability CVE-2018-15519


Published: 2019-06-28

Description:
Various Lexmark devices have a Buffer Overflow (issue 1 of 2).

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Lexmark
Product: Xm51xx firmware 
Version: lw70.tu.p204;
Product: Mx71x firmware 
Version: lw70.tu.p204;
Product: Xm71xx firmware 
Version: lw70.tu.p204;
Product: Mx81x firmware 
Version: lw70.tu.p204;
Product: Mx61x firmware 
Version: lw70.sb7.p204;
Product: Xm3150 firmware 
Version: lw70.sb7.p204;
Product: Mx41x firmware 
Version: lw70.sb4.p204;
Product: Xm1145 firmware 
Version: lw70.sb4.p204;
Product: Mx51x firmware 
Version: lw70.sb4.p204;
Product: Mx31x firmware 
Version: lw70.sb2.p204;
Product: Xm91x firmware 
Version: lw70.mg.p204;
Product: Mx91x firmware 
Version: lw70.mg.p204;
Product: Mx6500 firmware 
Version: lw70.jd.p204;
Product: Xc2132 firmware 
Version: lw70.gm7.p204;
Product: Cx510 firmware 
Version: lw70.gm7.p204;
Product: Cx410 firmware 
Version: lw70.gm4.p204;
Product: Cx310 firmware 
Version: lw70.gm2.p204;
Product: X86x firmware 
Version: lr.sp.p803;
Product: X65x firmware 
Version: lr.mn.p803;
Product: X73x firmware 
Version: lr.fl.p803;
Product: X46x firmware 
Version: lr.bs.p803;
Product: Xs54x firmware 
Version: lhs60.vk.p671;
Product: X54x firmware 
Version: lhs60.vk.p671;
Product: Xs95x firmware 
Version: lhs60.tq.p671;
Product: X95x firmware 
Version: lhs60.tq.p671;
Product: X74x firmware 
Version: lhs60.ny.p671;
Product: Xs74x firmware 
Version: lhs60.ny.p671;
Product: X79x firmware 
Version: lhs60.mr.p671;
Product: Xs79x firmware 
Version: lhs60.mr.p671;
Product: 6500 firmware 
Version: lhs60.jr.p671;
Product: X92x firmware 
Version: lhs60.hk.p671;
Product: Xs92x firmware 
Version: lhs60.hk.p671;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://support.lexmark.com/index?page=content&id=TE892

Related CVE
CVE-2018-15520
Various Lexmark devices have a Buffer Overflow (issue 2 of 2).
CVE-2018-17944
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent the...
CVE-2019-6489
Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts.
CVE-2017-13771
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/...
CVE-2017-2821
An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution.
CVE-2017-2822
An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user cont...
CVE-2017-2806
An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versi...
CVE-2016-5646
An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malforme...

Copyright 2019, cxsecurity.com

 

Back to Top