Vulnerability CVE-2019-6489


Published: 2019-02-11

Description:
Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts.

Type: CWE-20 (Improper Input Validation)

Vendor: Lexmark
Product: Xm7170 firmware 
Version: lw71.tu.p216;
Product: Xm5170 firmware 
Version: lw71.tu.p216;
Product: Mx81x firmware 
Version: lw71.tu.p216;
Product: Xm7155x firmware 
Version: lw71.tu.p216;
Product: Xm7163x firmware 
Version: lw71.tu.p216;
Product: Xm5163 firmware 
Version: lw71.tu.p216;
Product: Mx71x firmware 
Version: lw71.tu.p216;
Product: Xm7170x firmware 
Version: lw71.tu.p216;
Product: Xm7155 firmware 
Version: lw71.tu.p216;
Product: Xm7163 firmware 
Version: lw71.tu.p216;
Product: Mx611 firmware 
Version: lw71.sb7.p216;
Product: Mx610 firmware 
Version: lw71.sb7.p216;
Product: Xm3150 firmware 
Version: lw71.sb7.p216;
Product: Mx410 firmware 
Version: lw71.sb4.p216;
Product: Mx511 firmware 
Version: lw71.sb4.p216;
Product: Xm1145 firmware 
Version: lw71.sb4.p216;
Product: Mx510 firmware 
Version: lw71.sb4.p216;
Product: Mx31x firmware 
Version: lw71.sb2.p216;
Product: Xm91x firmware 
Version: lw71.mg.p216;
Product: Mx91x firmware 
Version: lw71.mg.p216;
Product: Mx6500e firmware 
Version: lw71.jd.p216;
Product: Xc2132 firmware 
Version: lw71.gm7.p216;
Product: Cx510 firmware 
Version: lw71.gm7.p216;
Product: Cx410 firmware 
Version: lw71.gm4.p216;
Product: Cx310 firmware 
Version: lw71.gm2.p216;
Product: X65x firmware 
Version: lr.mn.p809;
Product: X73x firmware 
Version: lr.fl.p809;
Product: X46x firmware 
Version: lr.bs.p809;
Product: X86x firmware 
Version: lp.sp.p809;
Product: Xs548 firmware 
Version: lhs60.vk.p682;
Product: X548 firmware 
Version: lhs60.vk.p682;
Product: X95x firmware 
Version: lhs60.tq.p682;
Product: Xs95x firmware 
Version: lhs60.tq.p682;
Product: Xs748 firmware 
Version: lhs60.ny.p682;
Product: X74x firmware 
Version: lhs60.ny.p682;
Product: Xs79x firmware 
Version: lhs60.mr.p682;
Product: X792 firmware 
Version: lhs60.mr.p682;
Product: 6500e firmware 
Version: lhs60.jr.p809;
Product: X925 firmware 
Version: lhs60.hk.p682;
Product: Xs925 firmware 
Version: lhs60.hk.p682;

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

References:
http://support.lexmark.com/index?page=content&id=TE912

Related CVE
CVE-2019-9933
Various Lexmark products have a Buffer Overflow (issue 3 of 3).
CVE-2019-9932
Various Lexmark products have a Buffer Overflow (issue 2 of 3).
CVE-2019-9931
Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device.
CVE-2019-9930
Various Lexmark products have an Integer Overflow.
CVE-2019-10059
The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices.
CVE-2019-10057
Various Lexmark products have CSRF.
CVE-2019-9935
Various Lexmark products have Incorrect Access Control (issue 2 of 2).
CVE-2019-9934
Various Lexmark products have Incorrect Access Control (issue 1 of 2).

Copyright 2019, cxsecurity.com

 
