Vulnerability CVE-2018-15520


Published: 2019-06-28

Description:
Various Lexmark devices have a Buffer Overflow (issue 2 of 2).

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Lexmark
Product: Xm7355 firmware 
Version: mxtgw.052.024;
Product: Xm5370 firmware 
Version: mxtgw.052.024;
Product: Mx82x firmware 
Version: mxtgw.052.024;
Product: Mb2770 firmware 
Version: mxtgw.052.024;
Product: Xm7370 firmware 
Version: mxtgw.052.024;
Product: Mx72x firmware 
Version: mxtgw.052.024;
Product: Mx42x firmware 
Version: mxtgm.052.024;
Product: Xm124x firmware 
Version: mxtgm.052.024;
Product: Mx622 firmware 
Version: mxtgm.052.024;
Product: Mb2546 firmware 
Version: mxtgm.052.024;
Product: Mx52x firmware 
Version: mxtgm.052.024;
Product: Mb2442 firmware 
Version: mxtgm.052.024;
Product: Xm3250 firmware 
Version: mxtgm.052.024;
Product: Mb2650 firmware 
Version: mxtgm.052.024;
Product: Mb2338 firmware 
Version: mxngm.052.024;
Product: Mx321 firmware 
Version: mxngm.052.024;
Product: Xc2235 firmware 
Version: cxtzj.052.024;
Product: Cx62x firmware 
Version: cxtzj.052.024;
Product: Xc4240 firmware 
Version: cxtzj.052.024;
Product: Mc2535 firmware 
Version: cxtzj.052.024;
Product: Cx522 firmware 
Version: cxtzj.052.024;
Product: Mc2640 firmware 
Version: cxtzj.052.024;
Product: Cx860 firmware 
Version: cxtpp.052.024;
Product: Xc8160 firmware 
Version: cxtpp.052.024;
Product: Cx82x firmware 
Version: cxtpp.052.024;
Product: Xc8155 firmware 
Version: cxtpp.052.024;
Product: Xc6152 firmware 
Version: cxtpp.052.024;
Product: Cx92x firmware 
Version: cxtmh.052.024;
Product: Xc92x5 firmware 
Version: cxtmh.052.024;
Product: Xc41x0 firmware 
Version: cxtat.052.024;
Product: Cx72x firmware 
Version: cxtat.052.024;
Product: Cx421 firmware 
Version: cxnzj.052.024;
Product: Mc2325 firmware 
Version: cxnzj.052.024;
Product: Mc2425 firmware 
Version: cxnzj.052.024;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

 References:
http://support.lexmark.com/index?page=content&id=TE892

Related CVE
CVE-2019-9933
Various Lexmark products have a Buffer Overflow (issue 3 of 3).
CVE-2019-9932
Various Lexmark products have a Buffer Overflow (issue 2 of 3).
CVE-2019-9931
Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device.
CVE-2019-9930
Various Lexmark products have an Integer Overflow.
CVE-2019-10059
The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices.
CVE-2019-10057
Various Lexmark products have CSRF.
CVE-2019-9935
Various Lexmark products have Incorrect Access Control (issue 2 of 2).
CVE-2019-9934
Various Lexmark products have Incorrect Access Control (issue 1 of 2).

Copyright 2019, cxsecurity.com
