CVE-2016-3145

Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.

CVSS v3 4.6 MEDIUM
CVSS v2.0 2.1 LOW

4.6^/10

CVSS v3 : MEDIUM

Vector : AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://support.lexmark.com/index?page=content&id=TE760	Vendor Advisory
http://support.lexmark.com/index?page=content&id=TE760	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:cx820de:-:::::::*
	cpe:2.3:h:lexmark:cx820dtfe:-:::::::*
	cpe:2.3:h:lexmark:cx825de:-:::::::*
	cpe:2.3:h:lexmark:cx825dte:-:::::::*
	cpe:2.3:h:lexmark:cx825dtfe:-:::::::*
	cpe:2.3:h:lexmark:cx860de:-:::::::*
	cpe:2.3:h:lexmark:cx860dte:-:::::::*
	cpe:2.3:h:lexmark:cx860dtfe:-:::::::*
	cpe:2.3:h:lexmark:xc6152de:-:::::::*
	cpe:2.3:h:lexmark:xc6152dtfe:-:::::::*
	cpe:2.3:h:lexmark:xc8155de:-:::::::*
	cpe:2.3:h:lexmark:xc8155dte:-:::::::*
	cpe:2.3:h:lexmark:xc8160de:-:::::::*
	cpe:2.3:h:lexmark:xc8160dte:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:c4150:-:::::::*
	cpe:2.3:h:lexmark:cs720de:-:::::::*
	cpe:2.3:h:lexmark:cs720dte:-:::::::*
	cpe:2.3:h:lexmark:cs725de:-:::::::*
	cpe:2.3:h:lexmark:cs725dte:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:c6160:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:cs820de:-:::::::*
	cpe:2.3:h:lexmark:cs820dte:-:::::::*
	cpe:2.3:h:lexmark:cs820dtfe:-:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:cx725de:-:::::::*
	cpe:2.3:h:lexmark:cx725dhe:-:::::::*
	cpe:2.3:h:lexmark:cx725dthe:-:::::::*
	cpe:2.3:h:lexmark:xc4150:-:::::::*

History

21 Nov 2024, 02:49

Type	Values Removed	Values Added
References	~~() http://support.lexmark.com/index?page=content&id=TE760 - Vendor Advisory~~	() http://support.lexmark.com/index?page=content&id=TE760 - Vendor Advisory

Information

Published : 2016-04-22 00:59

Updated : 2024-11-21 02:49

NVD link : CVE-2016-3145

Mitre link : CVE-2016-3145

CVE.ORG link : CVE-2016-3145

JSON object : View

Products Affected

lexmark

cx820dtfe
c4150
cx825dtfe
cx820de
cs820de
cx825dte
cs725de
cx825de
cx860dtfe
cx725de
cs820dtfe
xc4150
cx860de
cs720dte
cs725dte
cs820dte
cs720de
c6160
xc6152dtfe
xc8155de
xc6152de
cx725dthe
xc8160de
printer_firmware
cx860dte
xc8160dte
xc8155dte
cx725dhe

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2016-3145", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2016-04-22T00:59:09.493", "references": [{"url": "http://support.lexmark.com/index?page=content&id=TE760", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.lexmark.com/index?page=content&id=TE760", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory."}, {"lang": "es", "value": "Impresoras Lexmark con firmware ATL en versiones anteriores a ATL.021.063, CB en versiones anteriores a CB.021.063, PP en versiones anteriores a PP.021.063 y YK en versiones anteriores a YK.021.063 maneja incorectamente las acciones Erase Printer Memory y Erase Hard Disk, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n sensible a trav\u00e9s de lectura directa de operaciones sobre memoria no vol\u00e1til."}], "lastModified": "2024-11-21T02:49:28.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEAC5802-B92B-4895-8C63-4FFD599644C1", "versionEndIncluding": "pp.021.062", "versionStartIncluding": "pp"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lexmark:cx820de:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "67527A88-0DC6-4E7B-A1F0-CE472C19D9F1"}, {"criteria": "cpe:2.3:h:lexmark:cx820dtfe:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EB1FFAD9-EED0-49A8-9123-3046B07B4681"}, {"criteria": "cpe:2.3:h:lexmark:cx825de:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "90B573EB-7A2D-4178-886F-03998D0BEFD1"}, {"criteria": "cpe:2.3:h:lexmark:cx825dte:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "21CEFE60-AD40-44F4-9B40-321D348BA3AD"}, {"criteria": "cpe:2.3:h:lexmark:cx825dtfe:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E6A5F3CB-C008-4C62-AB60-4B89FCDA1DB0"}, {"criteria": "cpe:2.3:h:lexmark:cx860de:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6FEE5761-0C06-4478-B1EC-EA33F1F6DEF2"}, {"criteria": "cpe:2.3:h:lexmark:cx860dte:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "021A4710-334E-4993-B471-43B4CE5976B8"}, {"criteria": "cpe:2.3:h:lexmark:cx860dtfe:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "39F645E6-472B-4FCA-8AD7-5B420A558FEB"}, {"criteria": "cpe:2.3:h:lexmark:xc6152de:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "09B4032F-D131-4E49-A58C-7363436BC78D"}, {"criteria": "cpe:2.3:h:lexmark:xc6152dtfe:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C61A938-34A3-48C0-9688-48EAFE2D4A24"}, {"criteria": "cpe:2.3:h:lexmark:xc8155de:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DFAE4AEF-F23B-404D-BC1A-BA2441FAB10A"}, {"criteria": "cpe:2.3:h:lexmark:xc8155dte:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4B117121-240E-440F-BF7E-B8F808E918F9"}, {"criteria": "cpe:2.3:h:lexmark:xc8160de:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2631BC7C-CA86-4581-A3AD-FBE61244F1E8"}, {"criteria": "cpe:2.3:h:lexmark:xc8160dte:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A41A9CAA-CF8A-48F2-AECB-D16C415A42AA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE80275C-40AD-4BEC-AF9D-8BFB9A42929E", "versionEndIncluding": "cb.021.062", "versionStartIncluding": "cb"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lexmark:c4150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "324EC762-1276-4121-916B-9981925F242D"}, {"criteria": "cpe:2.3:h:lexmark:cs720de:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E1427A6D-CEA4-440C-B10A-36E17082F792"}, {"criteria": "cpe:2.3:h:lexmark:cs720dte:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "70D39A4C-568A-45CC-9C08-45CC4E6E32A0"}, {"criteria": "cpe:2.3:h:lexmark:cs725de:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C5573FDD-3B85-4477-807D-B4C0A5998622"}, {"criteria": "cpe:2.3:h:lexmark:cs725dte:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4ACBB26-772F-4D32-97C0-F497A726E31A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62767ADB-755F-4328-8A0B-4DF204950A2F", "versionEndIncluding": "yk.021.062", "versionStartIncluding": "yk"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lexmark:c6160:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "48E10C08-E129-4482-92B1-67FD6C0D0407"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BE2AA7A-1B70-4912-89F8-97559B225F6F", "versionEndIncluding": "yk.021.057", "versionStartIncluding": "yk"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lexmark:cs820de:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3625CB80-4EC1-47F4-8065-7459F5D14D0D"}, {"criteria": "cpe:2.3:h:lexmark:cs820dte:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "156414A8-0F64-48F0-A17F-A536B4B16EEF"}, {"criteria": "cpe:2.3:h:lexmark:cs820dtfe:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5E42F25E-B296-4FFA-A41E-3CFA226697CF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A75C59E7-0B30-4C10-ABFE-BB6AF7FB6118", "versionEndIncluding": "atl.021.062", "versionStartIncluding": "atl"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lexmark:cx725de:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9072D963-3E31-4315-8F36-649F24E335BB"}, {"criteria": "cpe:2.3:h:lexmark:cx725dhe:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FA61A0D6-A19E-43AB-A1D7-C18728CB527B"}, {"criteria": "cpe:2.3:h:lexmark:cx725dthe:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "79F1E777-79E7-47EB-8715-72ED79B46E5D"}, {"criteria": "cpe:2.3:h:lexmark:xc4150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "74A27B92-5F83-4280-93EA-31F115408405"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}