Vulnerability CVE-2019-6489


Published: 2019-02-11

Description:
Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts.

Type: CWE-20 (Improper Input Validation)

Vendor: Lexmark
Product: Xm7170 firmware 
Version: lw71.tu.p216;
Product: Xm5170 firmware 
Version: lw71.tu.p216;
Product: Mx81x firmware 
Version: lw71.tu.p216;
Product: Xm7155x firmware 
Version: lw71.tu.p216;
Product: Xm7163x firmware 
Version: lw71.tu.p216;
Product: Xm5163 firmware 
Version: lw71.tu.p216;
Product: Mx71x firmware 
Version: lw71.tu.p216;
Product: Xm7170x firmware 
Version: lw71.tu.p216;
Product: Xm7155 firmware 
Version: lw71.tu.p216;
Product: Xm7163 firmware 
Version: lw71.tu.p216;
Product: Mx611 firmware 
Version: lw71.sb7.p216;
Product: Mx610 firmware 
Version: lw71.sb7.p216;
Product: Xm3150 firmware 
Version: lw71.sb7.p216;
Product: Mx410 firmware 
Version: lw71.sb4.p216;
Product: Mx511 firmware 
Version: lw71.sb4.p216;
Product: Xm1145 firmware 
Version: lw71.sb4.p216;
Product: Mx510 firmware 
Version: lw71.sb4.p216;
Product: Mx31x firmware 
Version: lw71.sb2.p216;
Product: Xm91x firmware 
Version: lw71.mg.p216;
Product: Mx91x firmware 
Version: lw71.mg.p216;
Product: Mx6500e firmware 
Version: lw71.jd.p216;
Product: Xc2132 firmware 
Version: lw71.gm7.p216;
Product: Cx510 firmware 
Version: lw71.gm7.p216;
Product: Cx410 firmware 
Version: lw71.gm4.p216;
Product: Cx310 firmware 
Version: lw71.gm2.p216;
Product: X65x firmware 
Version: lr.mn.p809;
Product: X73x firmware 
Version: lr.fl.p809;
Product: X46x firmware 
Version: lr.bs.p809;
Product: X86x firmware 
Version: lp.sp.p809;
Product: Xs548 firmware 
Version: lhs60.vk.p682;
Product: X548 firmware 
Version: lhs60.vk.p682;
Product: X95x firmware 
Version: lhs60.tq.p682;
Product: Xs95x firmware 
Version: lhs60.tq.p682;
Product: Xs748 firmware 
Version: lhs60.ny.p682;
Product: X74x firmware 
Version: lhs60.ny.p682;
Product: Xs79x firmware 
Version: lhs60.mr.p682;
Product: X792 firmware 
Version: lhs60.mr.p682;
Product: 6500e firmware 
Version: lhs60.jr.p809;
Product: X925 firmware 
Version: lhs60.hk.p682;
Product: Xs925 firmware 
Version: lhs60.hk.p682;

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

References:
http://support.lexmark.com/index?page=content&id=TE912

Related CVE
CVE-2018-15520
Various Lexmark devices have a Buffer Overflow (issue 2 of 2).
CVE-2018-15519
Various Lexmark devices have a Buffer Overflow (issue 1 of 2).
CVE-2018-17944
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent the...
CVE-2017-13771
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/...
CVE-2017-2821
An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution.
CVE-2017-2822
An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user cont...
CVE-2017-2806
An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to an arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versi...
CVE-2016-5646
An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malforme...

Copyright 2019, cxsecurity.com
