CVE-2016-1896

Published Jan 27, 2016

Last updated 9 years ago

CVSS critical 9.8

Overview

Description: Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-254

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C29BEB30-DC3B-4922-9234-9F4CB9E2C048",
            "versionEndIncluding": "cb.02.048"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lexmark:c4150:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EF07C509-7E15-414C-9F1A-0DF8204136CC"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cs720de:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0AD322C1-05F1-42AA-9F94-46F53E0529C0"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cs720dte:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "11E85F1B-AE5F-4515-A5E0-5FAE4DF22228"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cs725de:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F637ED5E-EBAA-42FA-B1EC-5A62BC35C1AA"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cs725dte:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "36DF826B-6EE0-4C67-AB9C-56B86516EF07"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46D65111-B7BC-4A60-83CB-0D3C2CF216DF",
            "versionEndIncluding": "atl.02.048"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lexmark:cx725de:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DE911CAA-BB40-462E-B7B1-08E6B8120536"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cx725dhe:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "536113D5-F589-4EDA-A273-56B3E73450CC"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cx725dthe:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2E4B5588-09A3-4FA2-81D0-715B52902B02"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:xc4150:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5BFB88AA-AA66-46E1-AA48-DA149E50A57C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CDC2CBD-3940-4952-8546-E6EA66C0725F",
            "versionEndIncluding": "yk.02.048"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lexmark:c6160:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B4E4434A-93AE-494E-8D46-4F7BE14AFFCB"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cs820de:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7FF541E0-D4DA-4B4C-8870-D3EC59EC9F83"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cs820dte:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B79F4035-1CEC-488F-9066-83E48D19CAA9"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cs820dtfe:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8CC04B20-E795-49B2-8A84-1F559409D770"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB4760C3-77CB-4179-B7E9-79538C206498",
            "versionEndIncluding": "pp.02.048"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lexmark:cx820de:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B6CA052D-1DE0-45CC-8317-AE62D59179DA"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cx820dtfe:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4AD59709-2F7D-402B-8BEB-39F254B5F92A"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cx825de:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1751C220-21F2-4B00-BC83-4547C3EB549F"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cx825dte:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AE9956F4-B90F-4DF2-A010-162DE39C1586"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cx825dtfe:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7BA85370-DB44-4D02-AC9D-3F7732ABAF48"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cx860de:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1D26F568-042D-4247-A728-933AF110BC51"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cx860dte:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DCD0E198-C530-4FD3-AE96-5C75BDF2B7E7"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:cx860dtfe:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "43839086-5EA5-4FB6-B92D-378FECD3C9BD"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:xc6152de:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0B0403F7-39BD-463F-83A2-3722AD2568B0"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:xc6152dtfe:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4A553DB8-FA2D-4AFD-9B2D-96F52F90AECD"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:xc8155de:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "67CFD744-5BF8-4912-B9ED-68037528FDF4"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:xc8155dte:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "14DB6F86-9F8D-4065-BAFB-AF393FEDE24C"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:xc8160de:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "98059800-F8CE-4963-A3C8-7BFE2BEBE2A3"
          },
          {
            "criteria": "cpe:2.3:h:lexmark:xc8160dte:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "806FECDA-5A28-46E8-8AEA-534560B58042"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References