CVE-2018-15520

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2018-15520
Various Lexmark devices have a Buffer Overflow (issue 2 of 2).

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://support.lexmark.com/index?page=content&id=TE892 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:lexmark:cx82x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:cx82x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx82x:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:lexmark:cx860_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:cx860_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx860:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:lexmark:xc6152_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:xc6152_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc6152:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:lexmark:xc8155_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:xc8155_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc8155:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:lexmark:xc8160_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:xc8160_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc8160:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:lexmark:cx72x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:cx72x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx72x:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:lexmark:xc41x0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:xc41x0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc41x0:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:lexmark:cx92x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:cx92x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx92x:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:lexmark:xc92x5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:xc92x5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc92x5:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
OR cpe:2.3:o:lexmark:mx321_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:mx321_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx321:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
OR cpe:2.3:o:lexmark:mb2338_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:mb2338_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mb2338:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
OR cpe:2.3:o:lexmark:mx42x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:mx42x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx42x:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
OR cpe:2.3:o:lexmark:mx52x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:mx52x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx52x:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
OR cpe:2.3:o:lexmark:mx622_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:mx622_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx622:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
OR cpe:2.3:o:lexmark:mb2442_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:mb2442_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mb2442:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
OR cpe:2.3:o:lexmark:mb2546_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:mb2546_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mb2546:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
OR cpe:2.3:o:lexmark:mb2650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:mb2650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mb2650:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
OR cpe:2.3:o:lexmark:xm124x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:xm124x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm124x:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
OR cpe:2.3:o:lexmark:xm3250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:xm3250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm3250:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
OR cpe:2.3:o:lexmark:mx72x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:mx72x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx72x:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
OR cpe:2.3:o:lexmark:mx82x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:mx82x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx82x:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
OR cpe:2.3:o:lexmark:mb2770_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:mb2770_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mb2770:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
OR cpe:2.3:o:lexmark:xm5370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:xm5370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm5370:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
OR cpe:2.3:o:lexmark:xm7355_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:xm7355_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm7355:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
OR cpe:2.3:o:lexmark:xm7370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:xm7370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm7370:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
OR cpe:2.3:o:lexmark:cx421_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:cx421_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx421:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
OR cpe:2.3:o:lexmark:mc2325_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:mc2325_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mc2325:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
OR cpe:2.3:o:lexmark:mc2425_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:mc2425_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mc2425:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
OR cpe:2.3:o:lexmark:cx522_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:cx522_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx522:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
OR cpe:2.3:o:lexmark:cx62x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:cx62x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx62x:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
OR cpe:2.3:o:lexmark:mc2535_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:mc2535_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mc2535:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
OR cpe:2.3:o:lexmark:mc2640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:mc2640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mc2640:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
OR cpe:2.3:o:lexmark:xc2235_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:xc2235_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc2235:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
OR cpe:2.3:o:lexmark:xc4240_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:xc4240_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc4240:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2019-06-28 16:15

Updated : 2023-12-10 12:59

NVD link : CVE-2018-15520

Mitre link : CVE-2018-15520

CVE.ORG link : CVE-2018-15520

JSON object : View

Products Affected

lexmark

  • cx92x_firmware
  • xc41x0
  • cx522
  • mc2640_firmware
  • xc41x0_firmware
  • mx42x_firmware
  • mc2325
  • cx860_firmware
  • mx52x
  • mb2650
  • xc2235
  • cx421_firmware
  • xm124x_firmware
  • xc92x5_firmware
  • cx72x_firmware
  • mc2425
  • mb2650_firmware
  • cx92x
  • mb2770_firmware
  • xc2235_firmware
  • mb2546_firmware
  • xm7355
  • mx622
  • mx321_firmware
  • cx421
  • mx321
  • xm3250_firmware
  • mb2338
  • xm3250
  • mx622_firmware
  • mx72x_firmware
  • xc4240
  • xc8160_firmware
  • cx62x
  • mc2535_firmware
  • mc2325_firmware
  • mx72x
  • mb2442
  • mx82x
  • cx860
  • cx82x_firmware
  • mb2442_firmware
  • xc4240_firmware
  • xc6152_firmware
  • cx72x
  • xm7370
  • xc8155_firmware
  • mb2338_firmware
  • mx82x_firmware
  • xm5370
  • mc2425_firmware
  • mc2640
  • cx62x_firmware
  • xm124x
  • cx82x
  • mx42x
  • mx52x_firmware
  • mc2535
  • xc8155
  • xc6152
  • mb2546
  • mb2770
  • xm5370_firmware
  • xm7370_firmware
  • xc8160
  • xc92x5
  • cx522_firmware
  • xm7355_firmware
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer