CVE-2018-15520

Various Lexmark devices have a Buffer Overflow (issue 2 of 2).

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://support.lexmark.com/index?page=content&id=TE892	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:lexmark:cx82x_firmware::::::::
	cpe:2.3:o:lexmark:cx82x_firmware::::::::

cpe:2.3:h:lexmark:cx82x:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:lexmark:cx860_firmware::::::::
	cpe:2.3:o:lexmark:cx860_firmware::::::::

cpe:2.3:h:lexmark:cx860:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:lexmark:xc6152_firmware::::::::
	cpe:2.3:o:lexmark:xc6152_firmware::::::::

cpe:2.3:h:lexmark:xc6152:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:lexmark:xc8155_firmware::::::::
	cpe:2.3:o:lexmark:xc8155_firmware::::::::

cpe:2.3:h:lexmark:xc8155:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:lexmark:xc8160_firmware::::::::
	cpe:2.3:o:lexmark:xc8160_firmware::::::::

cpe:2.3:h:lexmark:xc8160:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:lexmark:cx72x_firmware::::::::
	cpe:2.3:o:lexmark:cx72x_firmware::::::::

cpe:2.3:h:lexmark:cx72x:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:lexmark:xc41x0_firmware::::::::
	cpe:2.3:o:lexmark:xc41x0_firmware::::::::

cpe:2.3:h:lexmark:xc41x0:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:lexmark:cx92x_firmware::::::::
	cpe:2.3:o:lexmark:cx92x_firmware::::::::

cpe:2.3:h:lexmark:cx92x:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:lexmark:xc92x5_firmware::::::::
	cpe:2.3:o:lexmark:xc92x5_firmware::::::::

cpe:2.3:h:lexmark:xc92x5:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

OR	cpe:2.3:o:lexmark:mx321_firmware::::::::
	cpe:2.3:o:lexmark:mx321_firmware::::::::

cpe:2.3:h:lexmark:mx321:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

OR	cpe:2.3:o:lexmark:mb2338_firmware::::::::
	cpe:2.3:o:lexmark:mb2338_firmware::::::::

cpe:2.3:h:lexmark:mb2338:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

OR	cpe:2.3:o:lexmark:mx42x_firmware::::::::
	cpe:2.3:o:lexmark:mx42x_firmware::::::::

cpe:2.3:h:lexmark:mx42x:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

OR	cpe:2.3:o:lexmark:mx52x_firmware::::::::
	cpe:2.3:o:lexmark:mx52x_firmware::::::::

cpe:2.3:h:lexmark:mx52x:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

OR	cpe:2.3:o:lexmark:mx622_firmware::::::::
	cpe:2.3:o:lexmark:mx622_firmware::::::::

cpe:2.3:h:lexmark:mx622:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

OR	cpe:2.3:o:lexmark:mb2442_firmware::::::::
	cpe:2.3:o:lexmark:mb2442_firmware::::::::

cpe:2.3:h:lexmark:mb2442:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

OR	cpe:2.3:o:lexmark:mb2546_firmware::::::::
	cpe:2.3:o:lexmark:mb2546_firmware::::::::

cpe:2.3:h:lexmark:mb2546:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

OR	cpe:2.3:o:lexmark:mb2650_firmware::::::::
	cpe:2.3:o:lexmark:mb2650_firmware::::::::

cpe:2.3:h:lexmark:mb2650:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

OR	cpe:2.3:o:lexmark:xm124x_firmware::::::::
	cpe:2.3:o:lexmark:xm124x_firmware::::::::

cpe:2.3:h:lexmark:xm124x:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

OR	cpe:2.3:o:lexmark:xm3250_firmware::::::::
	cpe:2.3:o:lexmark:xm3250_firmware::::::::

cpe:2.3:h:lexmark:xm3250:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

OR	cpe:2.3:o:lexmark:mx72x_firmware::::::::
	cpe:2.3:o:lexmark:mx72x_firmware::::::::

cpe:2.3:h:lexmark:mx72x:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

OR	cpe:2.3:o:lexmark:mx82x_firmware::::::::
	cpe:2.3:o:lexmark:mx82x_firmware::::::::

cpe:2.3:h:lexmark:mx82x:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

OR	cpe:2.3:o:lexmark:mb2770_firmware::::::::
	cpe:2.3:o:lexmark:mb2770_firmware::::::::

cpe:2.3:h:lexmark:mb2770:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

OR	cpe:2.3:o:lexmark:xm5370_firmware::::::::
	cpe:2.3:o:lexmark:xm5370_firmware::::::::

cpe:2.3:h:lexmark:xm5370:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

OR	cpe:2.3:o:lexmark:xm7355_firmware::::::::
	cpe:2.3:o:lexmark:xm7355_firmware::::::::

cpe:2.3:h:lexmark:xm7355:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

OR	cpe:2.3:o:lexmark:xm7370_firmware::::::::
	cpe:2.3:o:lexmark:xm7370_firmware::::::::

cpe:2.3:h:lexmark:xm7370:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

OR	cpe:2.3:o:lexmark:cx421_firmware::::::::
	cpe:2.3:o:lexmark:cx421_firmware::::::::

cpe:2.3:h:lexmark:cx421:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

OR	cpe:2.3:o:lexmark:mc2325_firmware::::::::
	cpe:2.3:o:lexmark:mc2325_firmware::::::::

cpe:2.3:h:lexmark:mc2325:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

OR	cpe:2.3:o:lexmark:mc2425_firmware::::::::
	cpe:2.3:o:lexmark:mc2425_firmware::::::::

cpe:2.3:h:lexmark:mc2425:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

OR	cpe:2.3:o:lexmark:cx522_firmware::::::::
	cpe:2.3:o:lexmark:cx522_firmware::::::::

cpe:2.3:h:lexmark:cx522:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

OR	cpe:2.3:o:lexmark:cx62x_firmware::::::::
	cpe:2.3:o:lexmark:cx62x_firmware::::::::

cpe:2.3:h:lexmark:cx62x:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

OR	cpe:2.3:o:lexmark:mc2535_firmware::::::::
	cpe:2.3:o:lexmark:mc2535_firmware::::::::

cpe:2.3:h:lexmark:mc2535:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

OR	cpe:2.3:o:lexmark:mc2640_firmware::::::::
	cpe:2.3:o:lexmark:mc2640_firmware::::::::

cpe:2.3:h:lexmark:mc2640:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

OR	cpe:2.3:o:lexmark:xc2235_firmware::::::::
	cpe:2.3:o:lexmark:xc2235_firmware::::::::

cpe:2.3:h:lexmark:xc2235:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

OR	cpe:2.3:o:lexmark:xc4240_firmware::::::::
	cpe:2.3:o:lexmark:xc4240_firmware::::::::

cpe:2.3:h:lexmark:xc4240:-:*:*:*:*:*:*:*

Information

Published : 2019-06-28 09:15

Updated : 2019-07-05 08:47

NVD link : CVE-2018-15520

Mitre link : CVE-2018-15520

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

lexmark

cx82x
cx82x_firmware
mb2338_firmware
cx62x
mx72x
mx321_firmware
cx421_firmware
xc41x0_firmware
cx92x
xc92x5_firmware
mb2546_firmware
xc8155
mb2770
mx72x_firmware
mc2535
mx321
xm5370
mx622_firmware
mc2640
xc8160
mb2442_firmware
xc2235_firmware
cx62x_firmware
mx52x_firmware
xm124x_firmware
mc2425
mc2325_firmware
xc4240
xc8160_firmware
mc2535_firmware
cx72x_firmware
mx42x
mx52x
mb2650
mx82x_firmware
xm7355
mc2640_firmware
xm7370_firmware
xc6152_firmware
mx42x_firmware
mx82x
mb2338
xm3250
mb2650_firmware
mb2770_firmware
cx421
mc2325
mb2546
mc2425_firmware
cx522_firmware
xc4240_firmware
xm3250_firmware
xc92x5
cx860_firmware
cx522
xc2235
xc8155_firmware
xc6152
cx860
cx72x
xm7355_firmware
xm7370
xm124x
xc41x0
cx92x_firmware
mx622
mb2442
xm5370_firmware

9.8 /10