Vulnerability CVE-2018-17944


Published: 2019-03-12

Description:
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.

Type:
CWE-200 (Information Exposure)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
Lexmark -> Cx725h firmware 
Lexmark -> Cx820 firmware 
Lexmark -> Cx825 firmware 
Lexmark -> Cx860 firmware 
Lexmark -> Xc4150 firmware 
Lexmark -> Xc6152 firmware 
Lexmark -> Xc8155 firmware 
Lexmark -> Xc8160 firmware 

 References:
http://support.lexmark.com/index?page=content&id=TE909

Copyright 2024, cxsecurity.com
