Vulnerability Monitor

CVE-2016-1896


Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.


Published

2016-01-27T05:59:04.307

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-254
    CWE-264

Affected Vendors & Products
Type | Vendor | Product | Version/Range | Vulnerable?
Operating System | lexmark | printer_firmware | ≤ cb.02.048 | Yes
Hardware | lexmark | c4150 | * | No
Hardware | lexmark | cs720de | * | No
Hardware | lexmark | cs720dte | * | No
Hardware | lexmark | cs725de | * | No
Hardware | lexmark | cs725dte | * | No
Operating System | lexmark | printer_firmware | ≤ atl.02.048 | Yes
Hardware | lexmark | cx725de | * | No
Hardware | lexmark | cx725dhe | * | No
Hardware | lexmark | cx725dthe | * | No
Hardware | lexmark | xc4150 | * | No
Operating System | lexmark | printer_firmware | ≤ yk.02.048 | Yes
Hardware | lexmark | c6160 | * | No
Hardware | lexmark | cs820de | * | No
Hardware | lexmark | cs820dte | * | No
Hardware | lexmark | cs820dtfe | * | No
Operating System | lexmark | printer_firmware | ≤ pp.02.048 | Yes
Hardware | lexmark | cx820de | * | No
Hardware | lexmark | cx820dtfe | * | No
Hardware | lexmark | cx825de | * | No
Hardware | lexmark | cx825dte | * | No
Hardware | lexmark | cx825dtfe | * | No
Hardware | lexmark | cx860de | * | No
Hardware | lexmark | cx860dte | * | No
Hardware | lexmark | cx860dtfe | * | No
Hardware | lexmark | xc6152de | * | No
Hardware | lexmark | xc6152dtfe | * | No
Hardware | lexmark | xc8155de | * | No
Hardware | lexmark | xc8155dte | * | No
Hardware | lexmark | xc8160de | * | No
Hardware | lexmark | xc8160dte | * | No