Vulnerability CVE-2018-15520


Published: 2019-06-28

Description:
Various Lexmark devices have a Buffer Overflow (issue 2 of 2).

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Lexmark
Product: Xm7355 firmware 
Version: mxtgw.052.024;
Product: Xm5370 firmware 
Version: mxtgw.052.024;
Product: Mx82x firmware 
Version: mxtgw.052.024;
Product: Mb2770 firmware 
Version: mxtgw.052.024;
Product: Xm7370 firmware 
Version: mxtgw.052.024;
Product: Mx72x firmware 
Version: mxtgw.052.024;
Product: Mx42x firmware 
Version: mxtgm.052.024;
Product: Xm124x firmware 
Version: mxtgm.052.024;
Product: Mx622 firmware 
Version: mxtgm.052.024;
Product: Mb2546 firmware 
Version: mxtgm.052.024;
Product: Mx52x firmware 
Version: mxtgm.052.024;
Product: Mb2442 firmware 
Version: mxtgm.052.024;
Product: Xm3250 firmware 
Version: mxtgm.052.024;
Product: Mb2650 firmware 
Version: mxtgm.052.024;
Product: Mb2338 firmware 
Version: mxngm.052.024;
Product: Mx321 firmware 
Version: mxngm.052.024;
Product: Xc2235 firmware 
Version: cxtzj.052.024;
Product: Cx62x firmware 
Version: cxtzj.052.024;
Product: Xc4240 firmware 
Version: cxtzj.052.024;
Product: Mc2535 firmware 
Version: cxtzj.052.024;
Product: Cx522 firmware 
Version: cxtzj.052.024;
Product: Mc2640 firmware 
Version: cxtzj.052.024;
Product: Cx860 firmware 
Version: cxtpp.052.024;
Product: Xc8160 firmware 
Version: cxtpp.052.024;
Product: Cx82x firmware 
Version: cxtpp.052.024;
Product: Xc8155 firmware 
Version: cxtpp.052.024;
Product: Xc6152 firmware 
Version: cxtpp.052.024;
Product: Cx92x firmware 
Version: cxtmh.052.024;
Product: Xc92x5 firmware 
Version: cxtmh.052.024;
Product: Xc41x0 firmware 
Version: cxtat.052.024;
Product: Cx72x firmware 
Version: cxtat.052.024;
Product: Cx421 firmware 
Version: cxnzj.052.024;
Product: Mc2325 firmware 
Version: cxnzj.052.024;
Product: Mc2425 firmware 
Version: cxnzj.052.024;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://support.lexmark.com/index?page=content&id=TE892

Related CVE
CVE-2018-15519
Various Lexmark devices have a Buffer Overflow (issue 1 of 2).
CVE-2018-17944
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent the...
CVE-2019-6489
Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts.
CVE-2017-13771
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/...
CVE-2017-2821
An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution.
CVE-2017-2822
An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user cont...
CVE-2017-2806
An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versi...
CVE-2016-5646
An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malforme...

Copyright 2019, cxsecurity.com

 

Back to Top