Vulnerabilities > CVE-2016-1896 - 7PK - Security Features vulnerability in Lexmark Printer Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

lexmark

CWE-254

critical

NVD

Published: 2016-01-27

Updated: 2016-02-01

Summary

Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.

Vulnerable Configurations

Part	Description	Count
OS	Lexmark Lexmark Printer Firmware Atl Lexmark Printer Firmware Atl.02.048 Lexmark Printer Firmware Atl.021.062 Lexmark Printer Firmware Atl.021.063 Lexmark Printer Firmware Cb Lexmark Printer Firmware Cb.02.048 Lexmark Printer Firmware Cb.021.062 Lexmark Printer Firmware Cb.021.063 Lexmark Printer Firmware Pp Lexmark Printer Firmware Pp.02.048 Lexmark Printer Firmware Pp.021.062 Lexmark Printer Firmware Pp.021.063 Lexmark Printer Firmware Yk Lexmark Printer Firmware Yk.02.048	14
Hardware	Lexmark Lexmark C4150 * Lexmark Cs720De * Lexmark Cs720Dte * Lexmark Cs725De * Lexmark Cs725Dte * Lexmark Cx725De * Lexmark Cx725Dhe * Lexmark Cx725Dthe * Lexmark Xc4150 * Lexmark C6160 * Lexmark Cs820De * Lexmark Cs820Dte * Lexmark Cs820Dtfe * Lexmark Cx820De * Lexmark Cx820Dtfe * Lexmark Cx825De * Lexmark Cx825Dte * Lexmark Cx825Dtfe * Lexmark Cx860De * Lexmark Cx860Dte * Lexmark Cx860Dtfe * Lexmark Xc6152De * Lexmark Xc6152Dtfe * Lexmark Xc8155De * Lexmark Xc8155Dte * Lexmark Xc8160De * Lexmark Xc8160Dte *	27

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

http://support.lexmark.com/index?page=content&id=TE745