Lucene search

MitreCVE-2018-17944

HistoryMar 12, 2019 - 4:29 p.m.

CVE-2018-17944

2019-03-1216:29:00

CWE-200

mitre

web.nvd.nist.gov

lexmark

ldap

smtp

hostname change

credentials

security vulnerability

unauthorized access

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server’s hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.

Affected configurations

Nvd

Node

lexmarkcx725h_firmwareMatch-

AND

lexmarkcx725hMatch-

Node

lexmarkcx820_firmwareMatch-

AND

lexmarkcx820Match-

Node

lexmarkcx825_firmwareMatch-

AND

lexmarkcx825Match-

Node

lexmarkcx860_firmwareMatch-

AND

lexmarkcx860Match-

Node

lexmarkxc4150_firmwareMatch-

AND

lexmarkxc4150Match-

Node

lexmarkxc6152_firmwareMatch-

AND

lexmarkxc6152Match-

Node

lexmarkxc8155_firmwareMatch-

AND

lexmarkxc8155Match-

Node

lexmarkxc8160_firmwareMatch-

AND

lexmarkxc8160Match-

VendorProductVersionCPE
lexmarkcx725h_firmware-cpe:2.3:o:lexmark:cx725h_firmware:-:*:*:*:*:*:*:*
lexmarkcx725h-cpe:2.3:h:lexmark:cx725h:-:*:*:*:*:*:*:*
lexmarkcx820_firmware-cpe:2.3:o:lexmark:cx820_firmware:-:*:*:*:*:*:*:*
lexmarkcx820-cpe:2.3:h:lexmark:cx820:-:*:*:*:*:*:*:*
lexmarkcx825_firmware-cpe:2.3:o:lexmark:cx825_firmware:-:*:*:*:*:*:*:*
lexmarkcx825-cpe:2.3:h:lexmark:cx825:-:*:*:*:*:*:*:*
lexmarkcx860_firmware-cpe:2.3:o:lexmark:cx860_firmware:-:*:*:*:*:*:*:*
lexmarkcx860-cpe:2.3:h:lexmark:cx860:-:*:*:*:*:*:*:*
lexmarkxc4150_firmware-cpe:2.3:o:lexmark:xc4150_firmware:-:*:*:*:*:*:*:*
lexmarkxc4150-cpe:2.3:h:lexmark:xc4150:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lexmark	cx725h_firmware	-	cpe:2.3:o:lexmark:cx725h_firmware:-:::::::*
lexmark	cx725h	-	cpe:2.3:h:lexmark:cx725h:-:::::::*
lexmark	cx820_firmware	-	cpe:2.3:o:lexmark:cx820_firmware:-:::::::*
lexmark	cx820	-	cpe:2.3:h:lexmark:cx820:-:::::::*
lexmark	cx825_firmware	-	cpe:2.3:o:lexmark:cx825_firmware:-:::::::*
lexmark	cx825	-	cpe:2.3:h:lexmark:cx825:-:::::::*
lexmark	cx860_firmware	-	cpe:2.3:o:lexmark:cx860_firmware:-:::::::*
lexmark	cx860	-	cpe:2.3:h:lexmark:cx860:-:::::::*
lexmark	xc4150_firmware	-	cpe:2.3:o:lexmark:xc4150_firmware:-:::::::*
lexmark	xc4150	-	cpe:2.3:h:lexmark:xc4150:-:::::::*

Rows per page:

1-10 of 161

References

support.lexmark.com/index?page=content&id=TE909

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

Related for CVE-2018-17944