CVE-2019-10057

Various Lexmark products have CSRF.

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://support.lexmark.com/index?page=content&id=TE921&locale=EN&userlocale=EN_US	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:lexmark:cs31x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cs31x:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:lexmark:cs41x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cs41x:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:lexmark:cx310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cx310:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:lexmark:ms310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms310:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:lexmark:ms312_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms312:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:lexmark:ms317_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms317:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:lexmark:ms410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms410:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:lexmark:m1140_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m1140:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:lexmark:ms315_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms315:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:lexmark:ms415_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms415:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:lexmark:ms417_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms417:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:lexmark:mx31x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx31x:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:lexmark:xm1135_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm1135:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:lexmark:ms51x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms51x:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:lexmark:ms610dn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms610dn:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:lexmark:ms617_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms617:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:lexmark:m1145_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m1145:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:lexmark:m3150dn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m3150dn:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:lexmark:ms71x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms71x:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:lexmark:m5163dn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m5163dn:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:lexmark:ms810_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms810:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:lexmark:ms811_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms811:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:lexmark:ms812_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms812:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:lexmark:ms817_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms817:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:lexmark:ms818_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms818:-:*:*:*:*:*:*:*

Information

Published : 2019-08-28 15:15

Updated : 2019-08-29 10:14

NVD link : CVE-2019-10057

Mitre link : CVE-2019-10057

JSON object : View

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

Products Affected

lexmark

cs41x_firmware
ms810_firmware
cs41x
ms810
ms317_firmware
ms312
ms817_firmware
cs31x_firmware
m3150dn
ms812_firmware
ms818
ms310
ms51x
mx31x
cx310_firmware
ms310_firmware
ms811_firmware
m5163dn_firmware
ms317
ms811
ms817
ms312_firmware
ms617_firmware
ms417_firmware
m1145_firmware
cx310
ms812
m1145
ms71x
ms417
ms818_firmware
ms617
cs31x
m1140
ms415
ms410_firmware
m1140_firmware
xm1135_firmware
ms610dn
ms610dn_firmware
ms315
m5163dn
ms51x_firmware
ms410
mx31x_firmware
m3150dn_firmware
ms415_firmware
xm1135
ms71x_firmware
ms315_firmware

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2019-10057

6.5^/10

4.3^/10

Attach tags to `CVE-2019-10057`