Sign-up

ID

VAR-201908-1620


CVE

CVE-2019-10057


TITLE

plural Lexmark Product cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008491

DESCRIPTION

Various Lexmark products have CSRF. plural Lexmark The product contains a cross-site request forgery vulnerability.Information may be tampered with. Lexmark CS31x and others are all printers from Lexmark. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client. The following products and versions are affected: Lexmark CS31x; CS41x; CX310; MS310; MS312; MS317; MS410; M1140; MS315; MS415; MS417; MS811; MS812; MS817; MS818

Trust: 1.8

sources: NVD: CVE-2019-10057 // JVNDB: JVNDB-2019-008491 // VULHUB: VHN-141227 // VULMON: CVE-2019-10057

AFFECTED PRODUCTS

vendor:lexmarkmodel:ms51xscope:lteversion:lw71.pr2.p228

Trust: 1.0

vendor:lexmarkmodel:ms315scope:lteversion:lw71.tl2.p228

Trust: 1.0

vendor:lexmarkmodel:ms312scope:lteversion:lw71.prl.p228

Trust: 1.0

vendor:lexmarkmodel:ms417scope:lteversion:lw71.tl2.p228

Trust: 1.0

vendor:lexmarkmodel:ms610dnscope:lteversion:lw71.pr2.p228

Trust: 1.0

vendor:lexmarkmodel:xm1135scope:lteversion:lw71.sb2.p228

Trust: 1.0

vendor:lexmarkmodel:cs41xscope:lteversion:lw71.vy2.p228

Trust: 1.0

vendor:lexmarkmodel:cs31xscope:lteversion:lw71.vyl.p228

Trust: 1.0

vendor:lexmarkmodel:m5163dnscope:lteversion:lw71.dn2.p228

Trust: 1.0

vendor:lexmarkmodel:ms818scope:lteversion:lw71.dn2.p228

Trust: 1.0

vendor:lexmarkmodel:ms71xscope:lteversion:lw71.dn2.p228

Trust: 1.0

vendor:lexmarkmodel:ms817scope:lteversion:lw71.dn2.p228

Trust: 1.0

vendor:lexmarkmodel:ms810scope:lteversion:lw71.dn2.p228

Trust: 1.0

vendor:lexmarkmodel:ms410scope:lteversion:lw71.prl.p228

Trust: 1.0

vendor:lexmarkmodel:ms811scope:lteversion:lw71.dn2.p228

Trust: 1.0

vendor:lexmarkmodel:m3150dnscope:lteversion:lw71.pr2.p228

Trust: 1.0

vendor:lexmarkmodel:ms617scope:lteversion:lw71.pr2.p228

Trust: 1.0

vendor:lexmarkmodel:ms317scope:lteversion:lw71.prl.p228

Trust: 1.0

vendor:lexmarkmodel:cx310scope:lteversion:lw71.gm2.p228

Trust: 1.0

vendor:lexmarkmodel:m1145scope:lteversion:lw71.pr2.p228

Trust: 1.0

vendor:lexmarkmodel:ms310scope:lteversion:lw71.prl.p228

Trust: 1.0

vendor:lexmarkmodel:ms415scope:lteversion:lw71.tl2.p228

Trust: 1.0

vendor:lexmarkmodel:ms812scope:lteversion:lw71.dn2.p228

Trust: 1.0

vendor:lexmarkmodel:mx31xscope:lteversion:lw71.sb2.p228

Trust: 1.0

vendor:lexmarkmodel:m1140scope:lteversion:lw71.prl.p228

Trust: 1.0

vendor:lexmarkmodel:cs31xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cs41xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cx310scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms1140scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms310scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms312scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms315scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms317scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms410scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms415scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008491 // NVD: CVE-2019-10057

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10057
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-10057
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-2163
value: MEDIUM

Trust: 0.6

VULHUB: VHN-141227
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-10057
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10057
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-141227
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10057
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-141227 // VULMON: CVE-2019-10057 // JVNDB: JVNDB-2019-008491 // CNNVD: CNNVD-201908-2163 // NVD: CVE-2019-10057

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-141227 // JVNDB: JVNDB-2019-008491 // NVD: CVE-2019-10057

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-2163

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201908-2163

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008491

PATCH
title:TE921url:http://support.lexmark.com/index?page=content&id=TE921&locale=EN&userlocale=EN_US
Trust: 0.8
title:Multiple Lexmark Repair measures for product cross-site request forgery vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97647
Trust: 0.6
title:Threatposturl:https://threatpost.com/office-printers-hackers-open-door/147083/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-10057 // 
            
            
            
            JVNDB: JVNDB-2019-008491 // 
            
            
            
            CNNVD: CNNVD-201908-2163

EXTERNAL IDS
db:NVDid:CVE-2019-10057
Trust: 2.6
db:JVNDBid:JVNDB-2019-008491
Trust: 0.8
db:CNNVDid:CNNVD-201908-2163
Trust: 0.7
db:VULHUBid:VHN-141227
Trust: 0.1
db:VULMONid:CVE-2019-10057
Trust: 0.1
sources:
            
            
            VULHUB: VHN-141227 // 
            
            
            
            VULMON: CVE-2019-10057 // 
            
            
            
            JVNDB: JVNDB-2019-008491 // 
            
            
            
            CNNVD: CNNVD-201908-2163 // 
            
            
            
            NVD: CVE-2019-10057

REFERENCES
url:http://support.lexmark.com/index?page=content&id=te921&locale=en&userlocale=en_us
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-10057
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10057
Trust: 0.8
url:http://support.lexmark.com/index?page=content&id=te921&locale=en&userlocale=en_us
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/352.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/office-printers-hackers-open-door/147083/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-141227 // 
            
            
            
            VULMON: CVE-2019-10057 // 
            
            
            
            JVNDB: JVNDB-2019-008491 // 
            
            
            
            CNNVD: CNNVD-201908-2163 // 
            
            
            
            NVD: CVE-2019-10057

SOURCES
db:VULHUBid:VHN-141227
db:VULMONid:CVE-2019-10057
db:JVNDBid:JVNDB-2019-008491
db:CNNVDid:CNNVD-201908-2163
db:NVDid:CVE-2019-10057

LAST UPDATE DATE
2024-11-23T22:06:01.980000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-141227date:2019-08-29T00:00:00
db:VULMONid:CVE-2019-10057date:2019-08-29T00:00:00
db:JVNDBid:JVNDB-2019-008491date:2019-09-02T00:00:00
db:CNNVDid:CNNVD-201908-2163date:2019-08-30T00:00:00
db:NVDid:CVE-2019-10057date:2024-11-21T04:18:18.080

SOURCES RELEASE DATE
db:VULHUBid:VHN-141227date:2019-08-28T00:00:00
db:VULMONid:CVE-2019-10057date:2019-08-28T00:00:00
db:JVNDBid:JVNDB-2019-008491date:2019-09-02T00:00:00
db:CNNVDid:CNNVD-201908-2163date:2019-08-28T00:00:00
db:NVDid:CVE-2019-10057date:2019-08-28T22:15:11.640