CVE-2018-17944
4.9
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 / Impact: 3.6
Source: NVD
Description
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.
Affected (8)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lexmark Cx725h | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lexmark Cx820 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lexmark Cx825 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lexmark Cx860 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lexmark Xc4150 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lexmark Xc6152 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lexmark Xc8155 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lexmark Xc8160 | All versions |
References (2)
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.