ID

VAR-201908-0059


CVE

CVE-2019-9935


TITLE

plural Lexmark Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-008490

DESCRIPTION

Various Lexmark products have Incorrect Access Control (issue 2 of 2). Lexmark CS31x and others are all printers from Lexmark. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles. The following products and versions are affected: CS31x with firmware LW71.VYL.P229 and earlier; CS41x with firmware LW71.VY2.P229 and earlier; CX310 with firmware LW71.GM2.P229 and earlier; MS310 with .P229 and earlier firmware; MS312 with LW71.GM2.P229 and earlier firmware; MS317 with LW71.GM2.P229 and earlier firmware; MS410 with LW71.PRL.P229 and earlier firmware; M1140 with firmware version .PRL.P229 and earlier; MS315 with firmware version LW71.TL2.P229 and earlier; MS415 with firmware version LW71.TL2.P229 and earlier; MS417 with firmware version LW71.TL2.P229 and earlier; MX31x with firmware LW71.SB2.P229 and earlier; XM1135 with firmware LW71.SB2.P229 and earlier; MS51x with firmware LW71.PR2.P229 and earlier; firmware with LW71.PR2.P229 and earlier MS610dn; MS617 using LW71.PR2.P229 and earlier firmware; M1145 using LW71.PR2.P229 and earlier firmware; M3150dn using LW71.PR2.P229 and earlier firmware; using LW71.DN2.P229 and earlier MS71x with firmware LW71.DN2.P229 and earlier; M5163dn with firmware LW71.DN2.P229 and earlier; MS810 with firmware LW71.DN2.P229 and earlier; MS811 with firmware LW71.DN2.P229 and earlier; MS812 with previous version firmware; MS817 with LW71.DN2.P229 and previous version firmware; MS818 with LW71.DN2.P229 and previous version firmware

Trust: 1.71

sources: NVD: CVE-2019-9935 // JVNDB: JVNDB-2019-008490 // VULHUB: VHN-161370

AFFECTED PRODUCTS

vendor:lexmarkmodel:m3150dnscope:lteversion:lw71.pr2.p229

Trust: 1.0

vendor:lexmarkmodel:m5163dnscope:lteversion:lw71.dn2.p229

Trust: 1.0

vendor:lexmarkmodel:ms617scope:lteversion:lw71.pr2.p229

Trust: 1.0

vendor:lexmarkmodel:ms818scope:lteversion:lw71.dn2.p229

Trust: 1.0

vendor:lexmarkmodel:ms310scope:lteversion:lw71.prl.p229

Trust: 1.0

vendor:lexmarkmodel:cx310scope:lteversion:lw71.gm2.p229

Trust: 1.0

vendor:lexmarkmodel:ms71xscope:lteversion:lw71.dn2.p229

Trust: 1.0

vendor:lexmarkmodel:m1145scope:lteversion:lw71.pr2.p229

Trust: 1.0

vendor:lexmarkmodel:xm1135scope:lteversion:lw71.sb2.p229

Trust: 1.0

vendor:lexmarkmodel:m1140scope:lteversion:lw71.prl.p229

Trust: 1.0

vendor:lexmarkmodel:ms810scope:lteversion:lw71.dn2.p229

Trust: 1.0

vendor:lexmarkmodel:ms811scope:lteversion:lw71.dn2.p229

Trust: 1.0

vendor:lexmarkmodel:ms415scope:lteversion:lw71.tl2.p229

Trust: 1.0

vendor:lexmarkmodel:ms312scope:lteversion:lw71.prl.p229

Trust: 1.0

vendor:lexmarkmodel:ms51xscope:lteversion:lw71.pr2.p229

Trust: 1.0

vendor:lexmarkmodel:ms610dnscope:lteversion:lw71.pr2.p229

Trust: 1.0

vendor:lexmarkmodel:ms817scope:lteversion:lw71.dn2.p229

Trust: 1.0

vendor:lexmarkmodel:cs41xscope:lteversion:lw71.vy2.p229

Trust: 1.0

vendor:lexmarkmodel:cs31xscope:lteversion:lw71.vyl.p229

Trust: 1.0

vendor:lexmarkmodel:ms315scope:lteversion:lw71.tl2.p229

Trust: 1.0

vendor:lexmarkmodel:ms417scope:lteversion:lw71.tl2.p229

Trust: 1.0

vendor:lexmarkmodel:ms812scope:lteversion:lw71.dn2.p229

Trust: 1.0

vendor:lexmarkmodel:mx31xscope:lteversion:lw71.sb2.p229

Trust: 1.0

vendor:lexmarkmodel:ms410scope:lteversion:lw71.prl.p229

Trust: 1.0

vendor:lexmarkmodel:ms317scope:lteversion:lw71.prl.p229

Trust: 1.0

vendor:lexmarkmodel:cs31xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cs41xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cx310scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms1140scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms310scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms312scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms315scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms317scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms410scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms415scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008490 // NVD: CVE-2019-9935

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9935
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-9935
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-2142
value: MEDIUM

Trust: 0.6

VULHUB: VHN-161370
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-9935
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-161370
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9935
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-161370 // JVNDB: JVNDB-2019-008490 // CNNVD: CNNVD-201908-2142 // NVD: CVE-2019-9935

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-161370 // JVNDB: JVNDB-2019-008490 // NVD: CVE-2019-9935

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-2142

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201908-2142

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008490

PATCH

title:TE924url:http://support.lexmark.com/index?page=content&id=TE924&locale=EN&userlocale=EN_US

Trust: 0.8

title:Multiple Lexmark Product access control error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97630

Trust: 0.6

sources: JVNDB: JVNDB-2019-008490 // CNNVD: CNNVD-201908-2142

EXTERNAL IDS

db:NVDid:CVE-2019-9935

Trust: 2.5

db:JVNDBid:JVNDB-2019-008490

Trust: 0.8

db:CNNVDid:CNNVD-201908-2142

Trust: 0.7

db:VULHUBid:VHN-161370

Trust: 0.1

sources: VULHUB: VHN-161370 // JVNDB: JVNDB-2019-008490 // CNNVD: CNNVD-201908-2142 // NVD: CVE-2019-9935

REFERENCES

url:http://support.lexmark.com/index?page=content&id=te924&locale=en&userlocale=en_us

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9935

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9935

Trust: 0.8

url:http://support.lexmark.com/index?page=content&id=te924&locale=en&userlocale=en_us

Trust: 0.1

sources: VULHUB: VHN-161370 // JVNDB: JVNDB-2019-008490 // CNNVD: CNNVD-201908-2142 // NVD: CVE-2019-9935

SOURCES

db:VULHUBid:VHN-161370
db:JVNDBid:JVNDB-2019-008490
db:CNNVDid:CNNVD-201908-2142
db:NVDid:CVE-2019-9935

LAST UPDATE DATE

2024-11-23T22:25:49.566000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-161370date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-008490date:2019-09-02T00:00:00
db:CNNVDid:CNNVD-201908-2142date:2020-08-25T00:00:00
db:NVDid:CVE-2019-9935date:2024-11-21T04:52:37.587

SOURCES RELEASE DATE

db:VULHUBid:VHN-161370date:2019-08-28T00:00:00
db:JVNDBid:JVNDB-2019-008490date:2019-09-02T00:00:00
db:CNNVDid:CNNVD-201908-2142date:2019-08-28T00:00:00
db:NVDid:CVE-2019-9935date:2019-08-28T16:15:12.017