Lucene search

[email protected]CVE-2019-18791

HistoryFeb 13, 2020 - 4:15 p.m.

CVE-2019-18791

2020-02-1316:15:11

CWE-79

[email protected]

web.nvd.nist.gov

lexmark

printer

xss

vulnerability

embedded web server

security

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

22.5%

JSON

Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser.

Affected configurations

NVD

Node

lexmarkcx31x_firmwareRange≤lw73.vyl.p263

AND

lexmarkcx31xMatch-

Node

lexmarkcx41x_firmwareRange≤lw73.vy2.p263

AND

lexmarkcx41xMatch-

Node

lexmarkcx310_firmwareRange≤lw73.gm2.p263

AND

lexmarkcx310Match-

Node

lexmarkms310_firmwareRange≤lw73.prl.p263

AND

lexmarkms310Match-

Node

lexmarkms312_firmwareRange≤lw73.prl.p263

AND

lexmarkms312Match-

Node

lexmarkms317_firmwareRange≤lw73.prl.p263

AND

lexmarkms317Match-

Node

lexmarkms410_firmwareRange≤lw73.prl.p263

AND

lexmarkms410Match-

Node

lexmarkm1140_firmwareRange≤lw73.prl.p263

AND

lexmarkm1140Match-

Node

lexmarkms315_firmwareRange≤lw73.tl2.p263

AND

lexmarkms315Match-

Node

lexmarkms415_firmwareRange≤lw73.tl2.p263

AND

lexmarkms415Match-

Node

lexmarkms417_firmwareRange≤lw73.tl2.p263

AND

lexmarkms417Match-

Node

lexmarkms51x_firmwareRange≤lw73.pr2.p263

AND

lexmarkms51xMatch-

Node

lexmarkms610dn_firmwareRange≤lw73.pr2.p263

AND

lexmarkms610dnMatch-

Node

lexmarkms617_firmwareRange≤lw73.pr2.p263

AND

lexmarkms617Match-

Node

lexmarkm1145_firmwareRange≤lw73.pr2.p263

AND

lexmarkm1145Match-

Node

lexmarkm3150dn_firmwareRange≤lw73.pr2.p263

AND

lexmarkm3150dnMatch-

Node

lexmarkms71x_firmwareRange≤lw73.dn2.p263

AND

lexmarkms71xMatch-

Node

lexmarkm5163dn_firmwareRange≤lw73.dn2.p263

AND

lexmarkm5163dnMatch-

Node

lexmarkms810_firmwareRange≤lw73.dn2.p263

AND

lexmarkms810Match-

Node

lexmarkms811_firmwareRange≤lw73.dn2.p263

AND

lexmarkms811Match-

Node

lexmarkms812_firmwareRange≤lw73.dn2.p263

AND

lexmarkms812Match-

Node

lexmarkms817_firmwareRange≤lw73.dn2.p263

AND

lexmarkms817Match-

Node

lexmarkms818_firmwareRange≤lw73.dn2.p263

AND

lexmarkms818Match-

Node

lexmarkms810de_firmwareRange≤lw73.dn4.p263

AND

lexmarkms810deMatch-

Node

lexmarkm5155Match-

AND

lexmarkm5155_firmwareRange≤lw73.dn4.p263

Node

lexmarkm5163Match-

AND

lexmarkm5163_firmwareRange≤lw73.dn4.p263

Node

lexmarkms812deMatch-

AND

lexmarkms812de_firmwareRange≤lw73.dn7.p263

Node

lexmarkm5170Match-

AND

lexmarkm5170_firmwareRange≤lw73.dn7.p263

Node

lexmarkms91xMatch-

AND

lexmarkms91x_firmwareRange≤lw73.sa.p263

Node

lexmarkmx31xMatch-

AND

lexmarkmx31x_firmwareRange≤lw73.sb2.p263

Node

lexmarkxm1135Match-

AND

lexmarkxm1135_firmwareRange≤lw73.sb2.p263

Node

lexmarkmx410Match-

AND

lexmarkmx410_firmwareRange≤lw73.sb4.p263

Node

lexmarkmx510_firmwareRange≤lw73.sb4.p263

AND

lexmarkmx510Match-

Node

lexmarkmx511_firmwareRange≤lw73.sb4.p263

AND

lexmarkmx511Match-

Node

lexmarkmx610_firmwareRange≤lw73.sb7.p263

AND

lexmarkmx610Match-

Node

lexmarkmx611_firmwareRange≤lw73.sb7.p263

AND

lexmarkmx611Match-

Node

lexmarkxm3150_firmwareRange≤lw73.sb7.p263

AND

lexmarkxm3150Match-

Node

lexmarkmx71x_firmwareRange≤lw73.tu.p263

AND

lexmarkmx71xMatch-

Node

lexmarkmx81x_firmwareRange≤lw73.tu.p263

AND

lexmarkmx81xMatch-

Node

lexmarkxm51xx_firmwareRange≤lw73.tu.p263

AND

lexmarkxm51xxMatch-

Node

lexmarkxm71xx_firmwareRange≤lw73.tu.p263

AND

lexmarkxm71xxMatch-

Node

lexmarkmx91x_firmwareRange≤lw73.mg.p263

AND

lexmarkmx91xMatch-

Node

lexmarkxm91x_firmwareRange≤lw73.mg.p263

AND

lexmarkxm91xMatch-

Node

lexmarkmx6500e_firmwareRange≤lw73.jd.p263

AND

lexmarkmx6500eMatch-

Node

lexmarkc746_firmwareRange≤lhs60.cm2.p731

AND

lexmarkc746Match-

Node

lexmarkc748_firmwareRange≤lhs60.cm4.p731

AND

lexmarkc748Match-

Node

lexmarkcs748_firmwareRange≤lhs60.cm4.p731

AND

lexmarkcs748Match-

Node

lexmarkc792_firmwareRange≤lhs60.hc.p731

AND

lexmarkc792Match-

Node

lexmarkcs796_firmwareRange≤lhs60.hc.p731

AND

lexmarkcs796Match-

Node

lexmarkc925_firmwareRange≤lhs60.hv.p731

AND

lexmarkc925Match-

Node

lexmarkc950_firmwareRange≤lhs60.tp.p731

AND

lexmarkc950Match-

Node

lexmarkx548_firmwareRange≤lhs60.vk.p731

AND

lexmarkx548Match-

Node

lexmarkxs548_firmwareRange≤lhs60.vk.p731

AND

lexmarkxs548Match-

Node

lexmarkx74x_firmwareRange≤lhs60.ny.p731

AND

lexmarkx74xMatch-

Node

lexmarkxs748_firmwareRange≤lhs60.ny.p731

AND

lexmarkxs748Match-

Node

lexmarkx792_firmwareRange≤lhs60.mr.p731

AND

lexmarkx792Match-

Node

lexmarkxs79x_firmwareRange≤lhs60.mr.p731

AND

lexmarkxs79xMatch-

Node

lexmarkx925_firmwareRange≤lhs60.hk.p731

AND

lexmarkx925Match-

Node

lexmarkxs925_firmwareRange≤lhs60.hk.p731

AND

lexmarkxs925Match-

Node

lexmarkx95x_firmwareRange≤lhs60.tq.p731

AND

lexmarkx95xMatch-

Node

lexmarkxs95x_firmwareRange≤lhs60.tq.p731

AND

lexmarkxs95xMatch-

Node

lexmark6500e_firmwareRange≤lhs60.jr.p731

AND

lexmark6500eMatch-

Node

lexmarkc734_firmwareRange≤lr.sk.p822

AND

lexmarkc734Match-

Node

lexmarkc736_firmwareRange≤lr.ske.p822

AND

lexmarkc736Match-

Node

lexmarke46x_firmwareRange≤lr.lbh.p822

AND

lexmarke46xMatch-

Node

lexmarkt65x_firmwareRange≤lr.jp.p822

AND

lexmarkt65xMatch-

Node

lexmarkx46x_firmwareRange≤lr.bs.p822

AND

lexmarkx46xMatch-

Node

lexmarkx65x_firmwareRange≤lr.mn.p822

AND

lexmarkx65xMatch-

Node

lexmarkx73x_firmwareRange≤lr.fl.p822

AND

lexmarkx73xMatch-

Node

lexmarkw850_firmwareRange≤lp.jb.p821

AND

lexmarkw850Match-

Node

lexmarkx86x_firmwareRange≤lp.sp.p821

AND

lexmarkx86xMatch-

Node

lexmarkcx410_firmwareRange≤lw73.gm4.p263

AND

lexmarkcx410Match-

Node

lexmarkxc2130_firmwareRange≤lw73.gm4.p263

AND

lexmarkxc2130Match-

Node

lexmarkcx510_firmwareRange≤lw73.gm7.p263

AND

lexmarkcx510Match-

Node

lexmarkxc2132_firmwareRange≤lw73.gm7.p263

AND

lexmarkxc2132Match-

Node

lexmarkcx51x_firmwareRange≤lw73.vy4.p263

AND

lexmarkcx51xMatch-

Node

lexmarkms610de_firmwareRange≤lw73.pr4.p263

AND

lexmarkms610deMatch-

Node

lexmarkm3150_firmwareRange≤lw73.pr4.p263

AND

lexmarkm3150Match-

Node

lexmarkxm1140_firmwareRange≤lw73.sb4.p263

AND

lexmarkxm1140Match-

Node

lexmarkxm1145_firmwareRange≤lw73.sb4.p263

AND

lexmarkxm1145Match-

CPENameOperatorVersion
lexmark:cx31x_firmwarelexmark cx31x firmwarelelw73.vyl.p263

CPE	Name	Operator	Version
lexmark:cx31x_firmware	lexmark cx31x firmware	le	lw73.vyl.p263

References

support.lexmark.com/alerts/

support.lexmark.com/index?page=content&id=TE933&modifiedDate=02/04/20&actp=LIST_RECENT&userlocale=EN_US&locale=en

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

22.5%

JSON

Related for CVE-2019-18791

cvelist1 openvas1 prion1 nvd1