CVE-2016-3145

Published: Apr 22, 2016Modified: May 6, 2026

4.6

Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.9 / Impact: 3.6

Source: NVD

Description

Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.

Affected (5)

Products: Lexmark: Printer Firmware

Lexmark

1 product

Printer Firmware

Configuration A

1 vulnerable · 14 platform

Vulnerable Software	Affected Versions
Lexmark Printer Firmware	From pp to pp.021.062

Running on/with	Platform Versions
Lexmark Cx820de	All versions
Lexmark Cx820dtfe	All versions
Lexmark Cx825de	All versions
Lexmark Cx825dte	All versions
Lexmark Cx825dtfe	All versions
Lexmark Cx860de	All versions
Lexmark Cx860dte	All versions
Lexmark Cx860dtfe	All versions
Lexmark Xc6152de	All versions
Lexmark Xc6152dtfe	All versions
Lexmark Xc8155de	All versions
Lexmark Xc8155dte	All versions
Lexmark Xc8160de	All versions
Lexmark Xc8160dte	All versions

Configuration B

1 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Lexmark Printer Firmware	From cb to cb.021.062

Running on/with	Platform Versions
Lexmark C4150	All versions
Lexmark Cs720de	All versions
Lexmark Cs720dte	All versions
Lexmark Cs725de	All versions
Lexmark Cs725dte	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Printer Firmware	From yk to yk.021.062

Running on/with	Platform Versions
Lexmark C6160	All versions

Configuration D

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Lexmark Printer Firmware	From yk to yk.021.057

Running on/with	Platform Versions
Lexmark Cs820de	All versions
Lexmark Cs820dte	All versions
Lexmark Cs820dtfe	All versions

Configuration E

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Lexmark Printer Firmware	From atl to atl.021.062

Running on/with	Platform Versions
Lexmark Cx725de	All versions
Lexmark Cx725dhe	All versions
Lexmark Cx725dthe	All versions
Lexmark Xc4150	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://support.lexmark.com/index?page=content&id=TE760

Source: cve@mitre.org

Vendor Advisory

http://support.lexmark.com/index?page=content&id=TE760

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.