ID

VAR-201402-0119


CVE

CVE-2013-6032


TITLE

Lexmark laser printers contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#108062

DESCRIPTION

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter. Certain Lexmark devices are vulnerable to unverified password changes and stored cross-site scripting attacks. Lexmark Laser Printers are laser printer devices. The web management interface of Lexmark Laser Printers contains an authentication bypass vulnerability. An empty string. Attackers can exploit this issue to gain authenticated access to the affected device and access sensitive information, which may aid in further attacks.

Trust: 3.15

sources: NVD: CVE-2013-6032 // CERT/CC: VU#108062 // JVNDB: JVNDB-2013-005982 // CNVD: CNVD-2014-00770 // BID: 65274

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00770

AFFECTED PRODUCTS

vendor: lexmark | model: 25xxn | scope: lte | version: lcl.cu.p114

Trust: 1.8

vendor: lexmark | model: c52x | scope: lte | version: ls.fa.p150

Trust: 1.8

vendor: lexmark | model: c53x | scope: lte | version: ls.sw.p069

Trust: 1.8

vendor: lexmark | model: c77x | scope: lte | version: lc.cm.p052

Trust: 1.8

vendor: lexmark | model: c78x | scope: lte | version: lc.io.p187

Trust: 1.8

vendor: lexmark | model: c920 | scope: lte | version: ls.ta.p152

Trust: 1.8

vendor: lexmark | model: c935dn | scope: lte | version: lc.jo.p091

Trust: 1.8

vendor: lexmark | model: e250 | scope: lte | version: le.pm.p126

Trust: 1.8

vendor: lexmark | model: e350 | scope: lte | version: le.ph.p129

Trust: 1.8

vendor: lexmark | model: e450 | scope: lte | version: lm.sz.p124

Trust: 1.8

vendor: lexmark | model: n4000 | scope: lte | version: lc.md.p119

Trust: 1.8

vendor: lexmark | model: n4050e | scope: lte | version: go.go.n206

Trust: 1.8

vendor: lexmark | model: n70xxe | scope: lte | version: lc.co.n309

Trust: 1.8

vendor: lexmark | model: t64x | scope: lte | version: ls.st.p343

Trust: 1.8

vendor: lexmark | model: w840 | scope: lte | version: ls.ha.p252

Trust: 1.8

vendor: lexmark | model: x642 | scope: lte | version: lc2.mb.p318

Trust: 1.8

vendor: lexmark | model: x646 | scope: lte | version: lc2.mc.p373

Trust: 1.8

vendor: lexmark | model: x64xef | scope: lte | version: lc2.ti.p325

Trust: 1.8

vendor: lexmark | model: x772 | scope: lte | version: lc2.tr.p291

Trust: 1.8

vendor: lexmark | model: x78x | scope: lte | version: lc2.io.p335

Trust: 1.8

vendor: lexmark | model: x85x | scope: lte | version: lc4.be.p487

Trust: 1.8

vendor: lexmark | model: x94x | scope: lte | version: lc.br.p141

Trust: 1.8

vendor: lexmark | model: x644 | scope: lte | version: lc4.be.p487

Trust: 1.0

vendor: lexmark | model: - | scope: - | version: -

Trust: 0.8

vendor: lexmark | model: x644 | scope: lte | version: lc2.mc.p373

Trust: 0.8

vendor: lexmark | model: laser printer w840 | scope: - | version: -

Trust: 0.6

vendor: lexmark | model: laser printer c920 | scope: - | version: -

Trust: 0.6

vendor: lexmark | model: laser printer t64x | scope: - | version: -

Trust: 0.6

vendor: lexmark | model: laser printer c53x | scope: - | version: -

Trust: 0.6

vendor: lexmark | model: laser printer c935dn | scope: - | version: -

Trust: 0.6

vendor: lexmark | model: laser printer c52x | scope: - | version: -

Trust: 0.6

vendor: lexmark | model: laser printer e450 | scope: - | version: -

Trust: 0.6

vendor: lexmark | model: laser printer e350 | scope: - | version: -

Trust: 0.6

vendor: lexmark | model: laser printer e250 | scope: - | version: -

Trust: 0.6

vendor: lexmark | model: n4050e | scope: eq | version: go.go.n206

Trust: 0.6

vendor: lexmark | model: x772 | scope: eq | version: lc2.tr.p291

Trust: 0.6

vendor: lexmark | model: e250 | scope: eq | version: le.pm.p126

Trust: 0.6

vendor: lexmark | model: n70xxe | scope: eq | version: lc.co.n309

Trust: 0.6

vendor: lexmark | model: n4000 | scope: eq | version: lc.md.p119

Trust: 0.6

vendor: lexmark | model: e350 | scope: eq | version: le.ph.p129

Trust: 0.6

vendor: lexmark | model: e450 | scope: eq | version: lm.sz.p124

Trust: 0.6

vendor: lexmark | model: c77x | scope: eq | version: lc.cm.p052

Trust: 0.6

vendor: lexmark | model: c52x | scope: eq | version: ls.fa.p150

Trust: 0.6

vendor: lexmark | model: c53x | scope: eq | version: ls.sw.p069

Trust: 0.6

vendor: lexmark | model: n4050e go.go.n206 | scope: - | version: -

Trust: 0.3

sources: CERT/CC: VU#108062 // CNVD: CNVD-2014-00770 // BID: 65274 // JVNDB: JVNDB-2013-005982 // CNNVD: CNNVD-201402-018 // NVD: CVE-2013-6032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6032
value: HIGH

Trust: 1.0

NVD: CVE-2013-6032
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-00770
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201402-018
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2013-6032
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00770
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-00770 // JVNDB: JVNDB-2013-005982 // CNNVD: CNNVD-201402-018 // NVD: CVE-2013-6032

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2013-005982 // NVD: CVE-2013-6032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-018

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201402-018

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005982

PATCH

title: TE586 (Password Reset Vulnerability) | url: http://support.lexmark.com/index?page=content&id=TE586&locale=EN&userlocale=EN_US

Trust: 0.8

title: Lexmark Laser Printers verifies patches that bypass the vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/43414

Trust: 0.6

sources: CNVD: CNVD-2014-00770 // JVNDB: JVNDB-2013-005982

EXTERNAL IDS

db: CERT/CC | id: VU#108062

Trust: 3.8

db: NVD | id: CVE-2013-6032

Trust: 3.3

db: BID | id: 65274

Trust: 0.9

db: JVN | id: JVNVU92568059

Trust: 0.8

db: JVNDB | id: JVNDB-2013-005982

Trust: 0.8

db: CNVD | id: CNVD-2014-00770

Trust: 0.6

db: CNNVD | id: CNNVD-201402-018

Trust: 0.6

sources: CERT/CC: VU#108062 // CNVD: CNVD-2014-00770 // BID: 65274 // JVNDB: JVNDB-2013-005982 // CNNVD: CNNVD-201402-018 // NVD: CVE-2013-6032

REFERENCES

url:http://www.kb.cert.org/vuls/id/108062

Trust: 3.0

url:http://support.lexmark.com/index?page=content&id=te586

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6032

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92568059/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6032

Trust: 0.8

url:http://www.lexmark.com/

Trust: 0.3

sources: CERT/CC: VU#108062 // CNVD: CNVD-2014-00770 // BID: 65274 // JVNDB: JVNDB-2013-005982 // CNNVD: CNNVD-201402-018 // NVD: CVE-2013-6032

CREDITS

Jeff Popio

Trust: 0.3

sources: BID: 65274

SOURCES

db: CERT/CC | id: VU#108062
db: CNVD | id: CNVD-2014-00770
db: BID | id: 65274
db: JVNDB | id: JVNDB-2013-005982
db: CNNVD | id: CNNVD-201402-018
db: NVD | id: CVE-2013-6032

LAST UPDATE DATE

2024-11-23T22:13:50.037000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#108062 | date: 2014-01-31T00:00:00
db: CNVD | id: CNVD-2014-00770 | date: 2014-02-13T00:00:00
db: BID | id: 65274 | date: 2014-01-31T00:00:00
db: JVNDB | id: JVNDB-2013-005982 | date: 2014-02-05T00:00:00
db: CNNVD | id: CNNVD-201402-018 | date: 2014-02-08T00:00:00
db: NVD | id: CVE-2013-6032 | date: 2024-11-21T01:58:39.373

SOURCES RELEASE DATE

db: CERT/CC | id: VU#108062 | date: 2014-01-31T00:00:00
db: CNVD | id: CNVD-2014-00770 | date: 2014-02-13T00:00:00
db: BID | id: 65274 | date: 2014-01-31T00:00:00
db: JVNDB | id: JVNDB-2013-005982 | date: 2014-02-05T00:00:00
db: CNNVD | id: CNNVD-201402-018 | date: 2014-02-08T00:00:00
db: NVD | id: CVE-2013-6032 | date: 2014-02-04T05:39:08.137