Details of VAR-201604-0425

ID

VAR-201604-0425

CVE

CVE-2016-3145

TITLE

Lexmark Vulnerability in obtaining important information in printer firmware

Trust: 0.8

sources: JVNDB: JVNDB-2016-002700

DESCRIPTION

Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory. Lexmarkprinter is a printer product. Lexmarkprinter has an information disclosure vulnerability that prevents local attackers from obtaining sensitive information by directly reading non-volatile memory due to failure to properly handle ErasePrinterMemory and EraseHardDisk operations. Multiple Lexmark Prrinters are prone to an unspecified local information-disclosure vulnerability. The following versions are affected: Lexmark using ATL versions prior to ATL.021.063, CB versions prior to CB.021.063, PP versions prior to PP.021.063, and YK versions prior to YK.021.063

Trust: 2.52

sources: NVD: CVE-2016-3145 // JVNDB: JVNDB-2016-002700 // CNVD: CNVD-2016-02640 // BID: 89168 // VULHUB: VHN-91964

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-02640

AFFECTED PRODUCTS

vendor:	lexmark	model:	printer	scope:	gte	version:	pp	Trust: 1.0
vendor:	lexmark	model:	printer	scope:	gte	version:	yk	Trust: 1.0
vendor:	lexmark	model:	printer	scope:	gte	version:	atl	Trust: 1.0
vendor:	lexmark	model:	printer	scope:	lte	version:	yk.021.057	Trust: 1.0
vendor:	lexmark	model:	printer	scope:	lte	version:	yk.021.062	Trust: 1.0
vendor:	lexmark	model:	printer	scope:	lte	version:	pp.021.062	Trust: 1.0
vendor:	lexmark	model:	printer	scope:	lte	version:	cb.021.062	Trust: 1.0
vendor:	lexmark	model:	printer	scope:	lte	version:	atl.021.062	Trust: 1.0
vendor:	lexmark	model:	printer	scope:	gte	version:	cb	Trust: 1.0
vendor:	lexmark	model:	xc8155de	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cs820de	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	printer	scope:	lt	version:	pp	Trust: 0.8
vendor:	lexmark	model:	cx860de	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cx825dtfe	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	printer	scope:	eq	version:	yk.021.063	Trust: 0.8
vendor:	lexmark	model:	cx825dte	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	xc8160de	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cs720de	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	xc8155dte	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	xc6152de	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cx860dte	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	printer	scope:	lt	version:	atl	Trust: 0.8
vendor:	lexmark	model:	printer	scope:	lt	version:	yk	Trust: 0.8
vendor:	lexmark	model:	cs725dte	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	printer	scope:	eq	version:	pp.021.063	Trust: 0.8
vendor:	lexmark	model:	xc6152dtfe	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	xc4150	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cx820dtfe	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cs820dtfe	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	printer	scope:	eq	version:	cb.021.063	Trust: 0.8
vendor:	lexmark	model:	c6160	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	c4150	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cx860dtfe	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	printer	scope:	lt	version:	cb	Trust: 0.8
vendor:	lexmark	model:	cs820dte	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cx725de	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cx820de	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cx825de	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cx725dthe	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	xc8160dte	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cx725dhe	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cs725de	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cs720dte	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	printer	scope:	eq	version:	atl.021.063	Trust: 0.8
vendor:	lexmark	model:	printer	scope:	-	version:	-	Trust: 0.6
vendor:	lexmark	model:	printer	scope:	eq	version:	cb.021.062	Trust: 0.6
vendor:	lexmark	model:	printer	scope:	eq	version:	atl.021.062	Trust: 0.6
vendor:	lexmark	model:	printer	scope:	eq	version:	yk.021.057	Trust: 0.6
vendor:	lexmark	model:	printer	scope:	eq	version:	pp.021.062	Trust: 0.6
vendor:	lexmark	model:	printer	scope:	eq	version:	yk.021.062	Trust: 0.6

sources: CNVD: CNVD-2016-02640 // JVNDB: JVNDB-2016-002700 // CNNVD: CNNVD-201604-516 // NVD: CVE-2016-3145

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-3145
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-3145
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-02640
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201604-516
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-91964
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-3145
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-02640
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-91964
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-3145
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-02640 // VULHUB: VHN-91964 // JVNDB: JVNDB-2016-002700 // CNNVD: CNNVD-201604-516 // NVD: CVE-2016-3145

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-91964 // JVNDB: JVNDB-2016-002700 // NVD: CVE-2016-3145

THREAT TYPE

local

Trust: 0.9

sources: BID: 89168 // CNNVD: CNNVD-201604-516

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201604-516

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002700

PATCH

title:	TE760	url:	http://support.lexmark.com/index?page=content&id=TE760	Trust: 0.8
title:	Lexmark Printer Sensitive Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/74772	Trust: 0.6
title:	Lexmark Fixes for printer security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61205	Trust: 0.6

sources: CNVD: CNVD-2016-02640 // JVNDB: JVNDB-2016-002700 // CNNVD: CNNVD-201604-516

EXTERNAL IDS

db:	NVD	id:	CVE-2016-3145	Trust: 3.4
db:	JVNDB	id:	JVNDB-2016-002700	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-516	Trust: 0.7
db:	CNVD	id:	CNVD-2016-02640	Trust: 0.6
db:	BID	id:	89168	Trust: 0.4
db:	VULHUB	id:	VHN-91964	Trust: 0.1

sources: CNVD: CNVD-2016-02640 // VULHUB: VHN-91964 // BID: 89168 // JVNDB: JVNDB-2016-002700 // CNNVD: CNNVD-201604-516 // NVD: CVE-2016-3145

REFERENCES

url:	http://support.lexmark.com/index?page=content&id=te760	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3145	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3145	Trust: 0.8
url:	http://support.lexmark.com/index?page=content&id=te760&locale=it&userlocale=it_it	Trust: 0.6
url:	http://www.lexmark.com/	Trust: 0.3
url:	http://support.lexmark.com/index?page=content&id=te760	Trust: 0.1

sources: CNVD: CNVD-2016-02640 // VULHUB: VHN-91964 // BID: 89168 // JVNDB: JVNDB-2016-002700 // CNNVD: CNNVD-201604-516 // NVD: CVE-2016-3145

CREDITS

Lexmark

Trust: 0.3

sources: BID: 89168

SOURCES

db:	CNVD	id:	CNVD-2016-02640
db:	VULHUB	id:	VHN-91964
db:	BID	id:	89168
db:	JVNDB	id:	JVNDB-2016-002700
db:	CNNVD	id:	CNNVD-201604-516
db:	NVD	id:	CVE-2016-3145

LAST UPDATE DATE

2024-11-23T23:09:12.705000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-02640	date:	2016-04-27T00:00:00
db:	VULHUB	id:	VHN-91964	date:	2019-08-28T00:00:00
db:	BID	id:	89168	date:	2016-04-07T00:00:00
db:	JVNDB	id:	JVNDB-2016-002700	date:	2016-05-17T00:00:00
db:	CNNVD	id:	CNNVD-201604-516	date:	2019-08-29T00:00:00
db:	NVD	id:	CVE-2016-3145	date:	2024-11-21T02:49:28.127

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-02640	date:	2016-04-27T00:00:00
db:	VULHUB	id:	VHN-91964	date:	2016-04-22T00:00:00
db:	BID	id:	89168	date:	2016-04-07T00:00:00
db:	JVNDB	id:	JVNDB-2016-002700	date:	2016-05-17T00:00:00
db:	CNNVD	id:	CNNVD-201604-516	date:	2016-04-22T00:00:00
db:	NVD	id:	CVE-2016-3145	date:	2016-04-22T00:59:09.493