ID

VAR-201601-0529


CVE

CVE-2016-1896


TITLE

Authentication bypass vulnerability in the firmware initialization process of Lexmark printers

Trust: 0.8

sources: JVNDB: JVNDB-2016-001341

DESCRIPTION

Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status. Supplementary information: the vulnerability type has been identified as CWE-254: Security Features (http://cwe.mitre.org/data/definitions/254.html). A third party may be able to circumvent authentication by leveraging incorrect detection of the security-jumper status. Lexmark printer is a printer product from Lexmark. A remote attacker can bypass authentication through incorrect detection of the security-jumper state. Lexmark Laser Printers are prone to a local authentication-bypass vulnerability. A local attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. The following versions are affected: Lexmark printers using ATL versions prior to ATL.02.049, CB versions prior to CB.02.049, PP versions prior to PP.02.049, and YK versions prior to YK.02.049.

Trust: 2.52

sources: NVD: CVE-2016-1896 // JVNDB: JVNDB-2016-001341 // CNVD: CNVD-2016-00801 // BID: 82117 // VULHUB: VHN-90715

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00801

AFFECTED PRODUCTS

vendor: lexmark, model: printer, scope: lte, version: yk.02.048

Trust: 1.0

vendor: lexmark, model: printer, scope: lte, version: cb.02.048

Trust: 1.0

vendor: lexmark, model: printer, scope: lte, version: pp.02.048

Trust: 1.0

vendor: lexmark, model: printer, scope: lte, version: atl.02.048

Trust: 1.0

vendor: lexmark, model: xc8155de, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cs820de, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: printer, scope: lt, version: pp

Trust: 0.8

vendor: lexmark, model: cx860de, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cx825dtfe, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cx825dte, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: xc8160de, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cs720de, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: xc8155dte, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: printer, scope: eq, version: pp.02.049

Trust: 0.8

vendor: lexmark, model: cx860dte, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: printer, scope: lt, version: atl

Trust: 0.8

vendor: lexmark, model: xc6152de, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: printer, scope: lt, version: yk

Trust: 0.8

vendor: lexmark, model: cs725dte, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: xc6152dtfe, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: printer, scope: eq, version: atl.02.049

Trust: 0.8

vendor: lexmark, model: xc4150, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cx820dtfe, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cs820dtfe, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: c6160, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: c4150, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cx860dtfe, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: printer, scope: lt, version: cb

Trust: 0.8

vendor: lexmark, model: cs820dte, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cx725de, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cx820de, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cx825de, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cx725dthe, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: printer, scope: eq, version: cb.02.049

Trust: 0.8

vendor: lexmark, model: xc8160dte, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cx725dhe, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cs725de, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cs720dte, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: printer, scope: eq, version: yk.02.049

Trust: 0.8

vendor: lexmark, model: laser printer atl.02.049, scope: lt, version: -

Trust: 0.6

vendor: lexmark, model: laser printer cb, scope: -, version: -

Trust: 0.6

vendor: lexmark, model: laser printer pp, scope: -, version: -

Trust: 0.6

vendor: lexmark, model: laser printer yk, scope: -, version: -

Trust: 0.6

vendor: lexmark, model: printer, scope: eq, version: atl.02.048

Trust: 0.6

vendor: lexmark, model: printer, scope: eq, version: pp.02.048

Trust: 0.6

vendor: lexmark, model: printer, scope: eq, version: cb.02.048

Trust: 0.6

vendor: lexmark, model: printer, scope: eq, version: yk.02.048

Trust: 0.6

vendor: lexmark, model: xc8160dte pp.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: xc8160de pp.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: xc8155dte pp.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: xc8155de pp.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: xc6152dtfe pp.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: xc6152de pp.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: xc4150 atl.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cx860dtfe pp.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cx860dte pp.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cx860de pp.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cx825dtfe pp.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cx825dte pp.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cx825de pp.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cx820dtfe pp.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cx820de pp.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cx725dthe atl.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cx725dhe atl.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cx725de atl.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cs820dtfe yk.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cs820dte yk.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cs820de yk.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cs725de cb.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cs720dte cb.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: cs720de cb.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: c6160 yk.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: c4150 cb.02.048, scope: -, version: -

Trust: 0.3

vendor: lexmark, model: xc8160dte pp.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: xc8160de pp.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: xc8155dte pp.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: xc8155de pp.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: xc6152dtfe pp.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: xc6152de pp.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: xc4150 atl.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cx860dtfe pp.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cx860dte pp.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cx860de pp.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cx825dtfe pp.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cx825dte pp.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cx825de pp.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cx820dtfe pp.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cx820de pp.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cx725dthe atl.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cx725dhe atl.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cx725de atl.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cs820dtfe yk.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cs820dte yk.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cs820de yk.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cs725de cb.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cs720dte cb.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: cs720de cb.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: c6160 yk.02.049, scope: ne, version: -

Trust: 0.3

vendor: lexmark, model: c4150 cb.02.049, scope: ne, version: -

Trust: 0.3

sources: CNVD: CNVD-2016-00801 // BID: 82117 // JVNDB: JVNDB-2016-001341 // CNNVD: CNNVD-201601-647 // NVD: CVE-2016-1896

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1896
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-1896
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-00801
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201601-647
value: CRITICAL

Trust: 0.6

VULHUB: VHN-90715
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1896
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00801
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90715
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1896
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-00801 // VULHUB: VHN-90715 // JVNDB: JVNDB-2016-001341 // CNNVD: CNNVD-201601-647 // NVD: CVE-2016-1896

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

problemtype:CWE-254

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-90715 // JVNDB: JVNDB-2016-001341 // NVD: CVE-2016-1896

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-647

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201601-647

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001341

PATCH

title: TE745, url: http://support.lexmark.com/index?page=content&id=TE745

Trust: 0.8

title: Lexmark printer race condition vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/71102

Trust: 0.6

sources: CNVD: CNVD-2016-00801 // JVNDB: JVNDB-2016-001341

EXTERNAL IDS

db: NVD, id: CVE-2016-1896

Trust: 3.4

db: JVNDB, id: JVNDB-2016-001341

Trust: 0.8

db: CNVD, id: CNVD-2016-00801

Trust: 0.6

db: CNNVD, id: CNNVD-201601-647

Trust: 0.6

db: BID, id: 82117

Trust: 0.4

db: VULHUB, id: VHN-90715

Trust: 0.1

sources: CNVD: CNVD-2016-00801 // VULHUB: VHN-90715 // BID: 82117 // JVNDB: JVNDB-2016-001341 // CNNVD: CNNVD-201601-647 // NVD: CVE-2016-1896

REFERENCES

url:http://support.lexmark.com/index?page=content&id=te745

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1896

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1896

Trust: 0.8

url:http://support.lexmark.com/index?page=content&id=te745

Trust: 0.7

url:http://www.lexmark.com/

Trust: 0.3

url:http://support.lexmark.com/index?page=content&id=te745&locale=en&userlocale=en_us

Trust: 0.3

sources: CNVD: CNVD-2016-00801 // VULHUB: VHN-90715 // BID: 82117 // JVNDB: JVNDB-2016-001341 // CNNVD: CNNVD-201601-647 // NVD: CVE-2016-1896

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 82117

SOURCES

db: CNVD, id: CNVD-2016-00801
db: VULHUB, id: VHN-90715
db: BID, id: 82117
db: JVNDB, id: JVNDB-2016-001341
db: CNNVD, id: CNNVD-201601-647
db: NVD, id: CVE-2016-1896

LAST UPDATE DATE

2024-11-23T22:22:47.355000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-00801, date: 2016-02-03T00:00:00
db: VULHUB, id: VHN-90715, date: 2016-02-01T00:00:00
db: BID, id: 82117, date: 2016-01-25T00:00:00
db: JVNDB, id: JVNDB-2016-001341, date: 2016-02-02T00:00:00
db: CNNVD, id: CNNVD-201601-647, date: 2016-01-28T00:00:00
db: NVD, id: CVE-2016-1896, date: 2024-11-21T02:47:16.937

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-00801, date: 2016-02-03T00:00:00
db: VULHUB, id: VHN-90715, date: 2016-01-27T00:00:00
db: BID, id: 82117, date: 2016-01-25T00:00:00
db: JVNDB, id: JVNDB-2016-001341, date: 2016-02-02T00:00:00
db: CNNVD, id: CNNVD-201601-647, date: 2016-01-28T00:00:00
db: NVD, id: CVE-2016-1896, date: 2016-01-27T05:59:04.307