Sign-up

ID

VAR-201906-0821


CVE

CVE-2018-15519


TITLE

plural Lexmark Device buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015799

DESCRIPTION

Various Lexmark devices have a Buffer Overflow (issue 1 of 2). plural Lexmark The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Lexmark CX310 and others are all multi-function printers from Lexmark. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. The following products and versions are affected: Lexmark CX310 LW70.GM2.P204 and earlier; CX410 LW70.GM4.P204 and earlier; CX510 LW70.GM7.P204 and earlier; XC2132 LW70.GM7.P204 and earlier; MX31x LW70 .SB2.P204 and earlier; MX41x LW70.SB4.P204 and earlier; MX51x LW70.SB4.P204 and earlier; XM1145 LW70.SB4.P204 and earlier; MX61x LW70.SB7.P204 and earlier; XM3150 LW70 .SB7.P204 and previous versions, etc

Trust: 2.25

sources: NVD: CVE-2018-15519 // JVNDB: JVNDB-2018-015799 // CNVD: CNVD-2019-41899 // VULHUB: VHN-125786

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41899

AFFECTED PRODUCTS

vendor:lexmarkmodel:x73xscope:lteversion:lr.fl.p803

Trust: 1.0

vendor:lexmarkmodel:x46xscope:lteversion:lr.bs.p803

Trust: 1.0

vendor:lexmarkmodel:cx510scope:lteversion:lw70.gm7.p204

Trust: 1.0

vendor:lexmarkmodel:xs92xscope:lteversion:lhs60.hk.p671

Trust: 1.0

vendor:lexmarkmodel:xs79xscope:lteversion:lhs60.mr.p671

Trust: 1.0

vendor:lexmarkmodel:mx41xscope:lteversion:lw70.sb4.p204

Trust: 1.0

vendor:lexmarkmodel:xm1145scope:lteversion:lw70.sb4.p204

Trust: 1.0

vendor:lexmarkmodel:xm51xxscope:lteversion:lw70.tu.p204

Trust: 1.0

vendor:lexmarkmodel:x74xscope:lteversion:lhs60.ny.p671

Trust: 1.0

vendor:lexmarkmodel:6500scope:lteversion:lhs60.jr.p671

Trust: 1.0

vendor:lexmarkmodel:xs95xscope:lteversion:lhs60.tq.p671

Trust: 1.0

vendor:lexmarkmodel:mx31xscope:lteversion:lw70.sb2.p204

Trust: 1.0

vendor:lexmarkmodel:mx91xscope:lteversion:lw70.mg.p204

Trust: 1.0

vendor:lexmarkmodel:xm3150scope:lteversion:lw70.sb7.p204

Trust: 1.0

vendor:lexmarkmodel:x79xscope:lteversion:lhs60.mr.p671

Trust: 1.0

vendor:lexmarkmodel:x92xscope:lteversion:lhs60.hk.p671

Trust: 1.0

vendor:lexmarkmodel:x65xscope:lteversion:lr.mn.p803

Trust: 1.0

vendor:lexmarkmodel:mx61xscope:lteversion:lw70.sb7.p204

Trust: 1.0

vendor:lexmarkmodel:xc2132scope:lteversion:lw70.gm7.p204

Trust: 1.0

vendor:lexmarkmodel:xs74xscope:lteversion:lhs60.ny.p671

Trust: 1.0

vendor:lexmarkmodel:x86xscope:lteversion:lr.sp.p803

Trust: 1.0

vendor:lexmarkmodel:xs54xscope:lteversion:lhs60.vk.p671

Trust: 1.0

vendor:lexmarkmodel:mx51xscope:lteversion:lw70.sb4.p204

Trust: 1.0

vendor:lexmarkmodel:mx81xscope:lteversion:lw70.tu.p204

Trust: 1.0

vendor:lexmarkmodel:mx71xscope:lteversion:lw70.tu.p204

Trust: 1.0

vendor:lexmarkmodel:cx410scope:lteversion:lw70.gm4.p204

Trust: 1.0

vendor:lexmarkmodel:mx6500scope:lteversion:lw70.jd.p204

Trust: 1.0

vendor:lexmarkmodel:x95xscope:lteversion:lhs60.tq.p671

Trust: 1.0

vendor:lexmarkmodel:xm91xscope:lteversion:lw70.mg.p204

Trust: 1.0

vendor:lexmarkmodel:x54xscope:lteversion:lhs60.vk.p671

Trust: 1.0

vendor:lexmarkmodel:xm71xxscope:lteversion:lw70.tu.p204

Trust: 1.0

vendor:lexmarkmodel:cx310scope:lteversion:lw70.gm2.p204

Trust: 1.0

vendor:lexmarkmodel:cx310scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cx410scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cx510scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:mx31xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:mx41xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:mx51xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:mx61xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:xc2132scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:xm1145scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:xm3150scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cx310 <=lw70.gm2.p204scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:cx410 <=lw70.gm4.p204scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:cx510 <=lw70.gm7.p204scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:xc2132 <=lw70.gm7.p204scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:mx31x <=lw70.sb2.p204scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:mx41x <=lw70.sb4.p204scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:mx51x <=lw70.sb4.p204scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:xm1145 <=lw70.sb4.p204scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:mx61x <=lw70.sb7.p204scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:xm3150 <=lw70.sb7.p204scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-41899 // JVNDB: JVNDB-2018-015799 // NVD: CVE-2018-15519

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15519
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-15519
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-41899
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201906-1102
value: CRITICAL

Trust: 0.6

VULHUB: VHN-125786
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-15519
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41899
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-125786
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15519
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-41899 // VULHUB: VHN-125786 // JVNDB: JVNDB-2018-015799 // CNNVD: CNNVD-201906-1102 // NVD: CVE-2018-15519

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-125786 // JVNDB: JVNDB-2018-015799 // NVD: CVE-2018-15519

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-1102

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-1102

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015799

PATCH
title:TE892url:http://support.lexmark.com/index?page=content&id=TE892&locale=en&userlocale=EN_US
Trust: 0.8
title:Patch for Multiple Lexmark Product Buffer Overflow Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/191417
Trust: 0.6
title:Multiple Lexmark Fixes for product cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94203
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41899 // 
            
            
            
            JVNDB: JVNDB-2018-015799 // 
            
            
            
            CNNVD: CNNVD-201906-1102

EXTERNAL IDS
db:NVDid:CVE-2018-15519
Trust: 3.1
db:JVNDBid:JVNDB-2018-015799
Trust: 0.8
db:CNNVDid:CNNVD-201906-1102
Trust: 0.7
db:CNVDid:CNVD-2019-41899
Trust: 0.6
db:VULHUBid:VHN-125786
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-41899 // 
            
            
            
            VULHUB: VHN-125786 // 
            
            
            
            JVNDB: JVNDB-2018-015799 // 
            
            
            
            CNNVD: CNNVD-201906-1102 // 
            
            
            
            NVD: CVE-2018-15519

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-15519
Trust: 2.0
url:http://support.lexmark.com/index?page=content&id=te892
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15519
Trust: 0.8
url:http://support.lexmark.com/index?page=content&amp;id=te892
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-41899 // 
            
            
            
            VULHUB: VHN-125786 // 
            
            
            
            JVNDB: JVNDB-2018-015799 // 
            
            
            
            CNNVD: CNNVD-201906-1102 // 
            
            
            
            NVD: CVE-2018-15519

SOURCES
db:CNVDid:CNVD-2019-41899
db:VULHUBid:VHN-125786
db:JVNDBid:JVNDB-2018-015799
db:CNNVDid:CNNVD-201906-1102
db:NVDid:CVE-2018-15519

LAST UPDATE DATE
2024-11-23T23:11:47.764000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-41899date:2019-11-22T00:00:00
db:VULHUBid:VHN-125786date:2019-07-05T00:00:00
db:JVNDBid:JVNDB-2018-015799date:2019-07-08T00:00:00
db:CNNVDid:CNNVD-201906-1102date:2019-07-09T00:00:00
db:NVDid:CVE-2018-15519date:2024-11-21T03:50:59.900

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-41899date:2019-11-21T00:00:00
db:VULHUBid:VHN-125786date:2019-06-28T00:00:00
db:JVNDBid:JVNDB-2018-015799date:2019-07-08T00:00:00
db:CNNVDid:CNNVD-201906-1102date:2019-06-28T00:00:00
db:NVDid:CVE-2018-15519date:2019-06-28T17:15:11.087