CVE-2016-1896
Base score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.
Affected (4)
Products: Lexmark: Printer Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to cb.02.048 |

| Running on/with | Platform Versions |
|---|---|
| Lexmark C4150 | All versions |
| Lexmark Cs720de | All versions |
| Lexmark Cs720dte | All versions |
| Lexmark Cs725de | All versions |
| Lexmark Cs725dte | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to atl.02.048 |

| Running on/with | Platform Versions |
|---|---|
| Lexmark Cx725de | All versions |
| Lexmark Cx725dhe | All versions |
| Lexmark Cx725dthe | All versions |
| Lexmark Xc4150 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to yk.02.048 |

| Running on/with | Platform Versions |
|---|---|
| Lexmark C6160 | All versions |
| Lexmark Cs820de | All versions |
| Lexmark Cs820dte | All versions |
| Lexmark Cs820dtfe | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to pp.02.048 |

| Running on/with | Platform Versions |
|---|---|
| Lexmark Cx820de | All versions |
| Lexmark Cx820dtfe | All versions |
| Lexmark Cx825de | All versions |
| Lexmark Cx825dte | All versions |
| Lexmark Cx825dtfe | All versions |
| Lexmark Cx860de | All versions |
| Lexmark Cx860dte | All versions |
| Lexmark Cx860dtfe | All versions |
| Lexmark Xc6152de | All versions |
| Lexmark Xc6152dtfe | All versions |
| Lexmark Xc8155de | All versions |
| Lexmark Xc8155dte | All versions |
| Lexmark Xc8160de | All versions |
| Lexmark Xc8160dte | All versions |
References (2)
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory