Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-3145


Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.


Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 4.6, with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), for affected systems. Impacting 28 products from lexmark, from lexmark, from lexmark and 25 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2016, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.


Published

2016-04-22T00:59:09.493

Last Modified

2026-06-17T00:45:10.937

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-200

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System lexmark printer_firmware ≤ pp.021.062 Yes
Hardware lexmark cx820de - No
Hardware lexmark cx820dtfe - No
Hardware lexmark cx825de - No
Hardware lexmark cx825dte - No
Hardware lexmark cx825dtfe - No
Hardware lexmark cx860de - No
Hardware lexmark cx860dte - No
Hardware lexmark cx860dtfe - No
Hardware lexmark xc6152de - No
Hardware lexmark xc6152dtfe - No
Hardware lexmark xc8155de - No
Hardware lexmark xc8155dte - No
Hardware lexmark xc8160de - No
Hardware lexmark xc8160dte - No
Operating System lexmark printer_firmware ≤ cb.021.062 Yes
Hardware lexmark c4150 - No
Hardware lexmark cs720de - No
Hardware lexmark cs720dte - No
Hardware lexmark cs725de - No
Hardware lexmark cs725dte - No
Operating System lexmark printer_firmware ≤ yk.021.062 Yes
Hardware lexmark c6160 - No
Operating System lexmark printer_firmware ≤ yk.021.057 Yes
Hardware lexmark cs820de - No
Hardware lexmark cs820dte - No
Hardware lexmark cs820dtfe - No
Operating System lexmark printer_firmware ≤ atl.021.062 Yes
Hardware lexmark cx725de - No
Hardware lexmark cx725dhe - No
Hardware lexmark cx725dthe - No
Hardware lexmark xc4150 - No

References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For lexmark's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.