Details of VAR-201908-0058

ID

VAR-201908-0058

CVE

CVE-2019-9934

TITLE

plural Lexmark Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-008489

DESCRIPTION

Various Lexmark products have Incorrect Access Control (issue 1 of 2). Lexmark CS31x and others are all printers from Lexmark. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles. The following products and versions are affected: CS31x with firmware LW71.VYL.P229 and earlier; CS41x with firmware LW71.VY2.P229 and earlier; CX310 with firmware LW71.GM2.P229 and earlier; MS310 with .P229 and earlier firmware; MS312 with LW71.GM2.P229 and earlier firmware; MS317 with LW71.GM2.P229 and earlier firmware; MS410 with LW71.PRL.P229 and earlier firmware; M1140 with firmware version .PRL.P229 and earlier; MS315 with firmware version LW71.TL2.P229 and earlier; MS415 with firmware version LW71.TL2.P229 and earlier; MS417 with firmware version LW71.TL2.P229 and earlier; MX31x with firmware LW71.SB2.P229 and earlier; XM1135 with firmware LW71.SB2.P229 and earlier; MS51x with firmware LW71.PR2.P229 and earlier; firmware with LW71.PR2.P229 and earlier MS610dn; MS617 using LW71.PR2.P229 and earlier firmware; M1145 using LW71.PR2.P229 and earlier firmware; M3150dn using LW71.PR2.P229 and earlier firmware; using LW71.DN2.P229 and earlier MS71x with firmware LW71.DN2.P229 and earlier; M5163dn with firmware LW71.DN2.P229 and earlier; MS810 with firmware LW71.DN2.P229 and earlier; MS811 with firmware LW71.DN2.P229 and earlier; MS812 with previous version firmware; MS817 with LW71.DN2.P229 and previous version firmware; MS818 with LW71.DN2.P229 and previous version firmware

Trust: 1.71

sources: NVD: CVE-2019-9934 // JVNDB: JVNDB-2019-008489 // VULHUB: VHN-161369

AFFECTED PRODUCTS

vendor:	lexmark	model:	m3150dn	scope:	lte	version:	lw71.pr2.p229	Trust: 1.0
vendor:	lexmark	model:	m5163dn	scope:	lte	version:	lw71.dn2.p229	Trust: 1.0
vendor:	lexmark	model:	ms617	scope:	lte	version:	lw71.pr2.p229	Trust: 1.0
vendor:	lexmark	model:	ms818	scope:	lte	version:	lw71.dn2.p229	Trust: 1.0
vendor:	lexmark	model:	ms310	scope:	lte	version:	lw71.prl.p229	Trust: 1.0
vendor:	lexmark	model:	cx310	scope:	lte	version:	lw71.gm2.p229	Trust: 1.0
vendor:	lexmark	model:	ms71x	scope:	lte	version:	lw71.dn2.p229	Trust: 1.0
vendor:	lexmark	model:	m1145	scope:	lte	version:	lw71.pr2.p229	Trust: 1.0
vendor:	lexmark	model:	xm1135	scope:	lte	version:	lw71.sb2.p229	Trust: 1.0
vendor:	lexmark	model:	m1140	scope:	lte	version:	lw71.prl.p229	Trust: 1.0
vendor:	lexmark	model:	ms810	scope:	lte	version:	lw71.dn2.p229	Trust: 1.0
vendor:	lexmark	model:	ms811	scope:	lte	version:	lw71.dn2.p229	Trust: 1.0
vendor:	lexmark	model:	ms415	scope:	lte	version:	lw71.tl2.p229	Trust: 1.0
vendor:	lexmark	model:	ms312	scope:	lte	version:	lw71.prl.p229	Trust: 1.0
vendor:	lexmark	model:	ms51x	scope:	lte	version:	lw71.pr2.p229	Trust: 1.0
vendor:	lexmark	model:	ms610dn	scope:	lte	version:	lw71.pr2.p229	Trust: 1.0
vendor:	lexmark	model:	ms817	scope:	lte	version:	lw71.dn2.p229	Trust: 1.0
vendor:	lexmark	model:	cs41x	scope:	lte	version:	lw71.vy2.p229	Trust: 1.0
vendor:	lexmark	model:	cs31x	scope:	lte	version:	lw71.vyl.p229	Trust: 1.0
vendor:	lexmark	model:	ms315	scope:	lte	version:	lw71.tl2.p229	Trust: 1.0
vendor:	lexmark	model:	ms417	scope:	lte	version:	lw71.tl2.p229	Trust: 1.0
vendor:	lexmark	model:	ms812	scope:	lte	version:	lw71.dn2.p229	Trust: 1.0
vendor:	lexmark	model:	mx31x	scope:	lte	version:	lw71.sb2.p229	Trust: 1.0
vendor:	lexmark	model:	ms410	scope:	lte	version:	lw71.prl.p229	Trust: 1.0
vendor:	lexmark	model:	ms317	scope:	lte	version:	lw71.prl.p229	Trust: 1.0
vendor:	lexmark	model:	cs31x	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cs41x	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	cx310	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	ms1140	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	ms310	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	ms312	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	ms315	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	ms317	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	ms410	scope:	-	version:	-	Trust: 0.8
vendor:	lexmark	model:	ms415	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-008489 // NVD: CVE-2019-9934

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9934
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-9934
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201908-2140
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-161369
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-9934
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-161369
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-9934
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-161369 // JVNDB: JVNDB-2019-008489 // CNNVD: CNNVD-201908-2140 // NVD: CVE-2019-9934

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.1
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-161369 // JVNDB: JVNDB-2019-008489 // NVD: CVE-2019-9934

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-2140

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201908-2140

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008489

PATCH

title:	TE924	url:	http://support.lexmark.com/index?page=content&id=TE924&locale=en&userlocale=EN_US	Trust: 0.8
title:	Multiple Lexmark Product access control error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97628	Trust: 0.6

sources: JVNDB: JVNDB-2019-008489 // CNNVD: CNNVD-201908-2140

EXTERNAL IDS

db:	NVD	id:	CVE-2019-9934	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-008489	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-2140	Trust: 0.7
db:	VULHUB	id:	VHN-161369	Trust: 0.1

sources: VULHUB: VHN-161369 // JVNDB: JVNDB-2019-008489 // CNNVD: CNNVD-201908-2140 // NVD: CVE-2019-9934

REFERENCES

url:	http://support.lexmark.com/index?page=content&id=te924&locale=en&userlocale=en_us	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9934	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9934	Trust: 0.8
url:	http://support.lexmark.com/index?page=content&id=te924&locale=en&userlocale=en_us	Trust: 0.1

sources: VULHUB: VHN-161369 // JVNDB: JVNDB-2019-008489 // CNNVD: CNNVD-201908-2140 // NVD: CVE-2019-9934

SOURCES

db:	VULHUB	id:	VHN-161369
db:	JVNDB	id:	JVNDB-2019-008489
db:	CNNVD	id:	CNNVD-201908-2140
db:	NVD	id:	CVE-2019-9934

LAST UPDATE DATE

2024-11-23T21:37:03.451000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-161369	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-008489	date:	2019-09-02T00:00:00
db:	CNNVD	id:	CNNVD-201908-2140	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-9934	date:	2024-11-21T04:52:37.427

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-161369	date:	2019-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2019-008489	date:	2019-09-02T00:00:00
db:	CNNVD	id:	CNNVD-201908-2140	date:	2019-08-28T00:00:00
db:	NVD	id:	CVE-2019-9934	date:	2019-08-28T16:15:11.953