ID

VAR-201903-1006


CVE

CVE-2018-17944


TITLE

Information disclosure vulnerability in multiple Lexmark devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-014734

DESCRIPTION

On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change. Multiple Lexmark devices contain an information disclosure vulnerability. Information may be obtained. Multiple Lexmark devices are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following products are affected: Lexmark CX725h; Lexmark CX820; Lexmark CX825; Lexmark CX860; Lexmark XC4150; Lexmark XC6152; Lexmark XC8155.

Trust: 1.98

sources: NVD: CVE-2018-17944 // JVNDB: JVNDB-2018-014734 // BID: 107442 // VULHUB: VHN-128454

AFFECTED PRODUCTS

vendor: lexmark, model: cx860, scope: eq, version: -

Trust: 1.0

vendor: lexmark, model: xc8160, scope: eq, version: -

Trust: 1.0

vendor: lexmark, model: cx820, scope: eq, version: -

Trust: 1.0

vendor: lexmark, model: cx725h, scope: eq, version: -

Trust: 1.0

vendor: lexmark, model: xc6152, scope: eq, version: -

Trust: 1.0

vendor: lexmark, model: xc8155, scope: eq, version: -

Trust: 1.0

vendor: lexmark, model: xc4150, scope: eq, version: -

Trust: 1.0

vendor: lexmark, model: cx825, scope: eq, version: -

Trust: 1.0

vendor: lexmark, model: cx725h, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cx820, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cx825, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: cx860, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: xc4150, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: xc6152, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: xc8155, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: xc8160, scope: -, version: -

Trust: 0.8

vendor: lexmark, model: xc8160, scope: eq, version: 0

Trust: 0.3

vendor: lexmark, model: xc8155, scope: eq, version: 0

Trust: 0.3

vendor: lexmark, model: xc6152, scope: eq, version: 0

Trust: 0.3

vendor: lexmark, model: xc4150, scope: eq, version: 0

Trust: 0.3

vendor: lexmark, model: cx860, scope: eq, version: 0

Trust: 0.3

vendor: lexmark, model: cx825, scope: eq, version: 0

Trust: 0.3

vendor: lexmark, model: cx820, scope: eq, version: 0

Trust: 0.3

vendor: lexmark, model: cx725h, scope: eq, version: 0

Trust: 0.3

sources: BID: 107442 // JVNDB: JVNDB-2018-014734 // NVD: CVE-2018-17944

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17944
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-17944
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-351
value: MEDIUM

Trust: 0.6

VULHUB: VHN-128454
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-17944
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-128454
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-17944
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-128454 // JVNDB: JVNDB-2018-014734 // CNNVD: CNNVD-201903-351 // NVD: CVE-2018-17944

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-128454 // JVNDB: JVNDB-2018-014734 // NVD: CVE-2018-17944

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-351

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201903-351

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014734

PATCH

title: Lexmark Security Advisory: LDAP and SMTP Servers Vulnerability (CVE-2018-17944)
url: http://support.lexmark.com/index?page=content&id=TE909&locale=en&userlocale=EN_US

Trust: 0.8

title: Lexmark Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89970

Trust: 0.6

sources: JVNDB: JVNDB-2018-014734 // CNNVD: CNNVD-201903-351

EXTERNAL IDS

db: NVD, id: CVE-2018-17944

Trust: 2.8

db: JVNDB, id: JVNDB-2018-014734

Trust: 0.8

db: CNNVD, id: CNNVD-201903-351

Trust: 0.7

db: BID, id: 107442

Trust: 0.3

db: VULHUB, id: VHN-128454

Trust: 0.1

sources: VULHUB: VHN-128454 // BID: 107442 // JVNDB: JVNDB-2018-014734 // CNNVD: CNNVD-201903-351 // NVD: CVE-2018-17944

REFERENCES

url:http://support.lexmark.com/index?page=content&id=te909

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-17944

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17944

Trust: 0.8

url:http://www.lexmark.com/

Trust: 0.3

url:http://support.lexmark.com/index?page=content&id=te909&locale=en&userlocale=en_us

Trust: 0.3

url:http://support.lexmark.com/index?page=content&id=te909

Trust: 0.1

sources: VULHUB: VHN-128454 // BID: 107442 // JVNDB: JVNDB-2018-014734 // CNNVD: CNNVD-201903-351 // NVD: CVE-2018-17944

CREDITS

Ramnath Shenoy of Content Security.

Trust: 0.3

sources: BID: 107442

SOURCES

db: VULHUB, id: VHN-128454
db: BID, id: 107442
db: JVNDB, id: JVNDB-2018-014734
db: CNNVD, id: CNNVD-201903-351
db: NVD, id: CVE-2018-17944

LAST UPDATE DATE

2024-11-23T22:25:59.347000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-128454, date: 2019-03-13T00:00:00
db: BID, id: 107442, date: 2019-01-28T00:00:00
db: JVNDB, id: JVNDB-2018-014734, date: 2019-04-09T00:00:00
db: CNNVD, id: CNNVD-201903-351, date: 2019-04-01T00:00:00
db: NVD, id: CVE-2018-17944, date: 2024-11-21T03:55:15.330

SOURCES RELEASE DATE

db: VULHUB, id: VHN-128454, date: 2019-03-12T00:00:00
db: BID, id: 107442, date: 2019-01-28T00:00:00
db: JVNDB, id: JVNDB-2018-014734, date: 2019-04-09T00:00:00
db: CNNVD, id: CNNVD-201903-351, date: 2019-03-12T00:00:00
db: NVD, id: CVE-2018-17944, date: 2019-03-12T16:29:00.220