Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-9935


Various Lexmark products have Incorrect Access Control (issue 2 of 2).


Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.3, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts limited data confidentiality, for affected systems. Impacting 50 products from lexmark, from lexmark, from lexmark and 47 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2019, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.


Published

2019-08-28T16:15:12.017

Last Modified

2026-06-17T02:44:53.230

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-306

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System lexmark cs31x_firmware ≤ lw71.vyl.p229 Yes
Hardware lexmark cs31x - No
Operating System lexmark cs41x_firmware ≤ lw71.vy2.p229 Yes
Hardware lexmark cs41x - No
Operating System lexmark cx310_firmware ≤ lw71.gm2.p229 Yes
Hardware lexmark cx310 - No
Operating System lexmark ms310_firmware ≤ lw71.prl.p229 Yes
Hardware lexmark ms310 - No
Operating System lexmark ms312_firmware ≤ lw71.prl.p229 Yes
Hardware lexmark ms312 - No
Operating System lexmark ms317_firmware ≤ lw71.prl.p229 Yes
Hardware lexmark ms317 - No
Operating System lexmark ms410_firmware ≤ lw71.prl.p229 Yes
Hardware lexmark ms410 - No
Operating System lexmark m1140_firmware ≤ lw71.prl.p229 Yes
Hardware lexmark m1140 - No
Operating System lexmark ms315_firmware ≤ lw71.tl2.p229 Yes
Hardware lexmark ms315 - No
Operating System lexmark ms415_firmware ≤ lw71.tl2.p229 Yes
Hardware lexmark ms415 - No
Operating System lexmark ms417_firmware ≤ lw71.tl2.p229 Yes
Hardware lexmark ms417 - No
Operating System lexmark mx31x_firmware ≤ lw71.sb2.p229 Yes
Hardware lexmark mx31x - No
Operating System lexmark xm1135_firmware ≤ lw71.sb2.p229 Yes
Hardware lexmark xm1135 - No
Operating System lexmark ms51x_firmware ≤ lw71.pr2.p229 Yes
Hardware lexmark ms51x - No
Operating System lexmark ms610dn_firmware ≤ lw71.pr2.p229 Yes
Hardware lexmark ms610dn - No
Operating System lexmark ms617_firmware ≤ lw71.pr2.p229 Yes
Hardware lexmark ms617 - No
Operating System lexmark m1145_firmware ≤ lw71.pr2.p229 Yes
Hardware lexmark m1145 - No
Operating System lexmark m3150dn_firmware ≤ lw71.pr2.p229 Yes
Hardware lexmark m3150dn - No
Operating System lexmark ms71x_firmware ≤ lw71.dn2.p229 Yes
Hardware lexmark ms71x - No
Operating System lexmark m5163dn_firmware ≤ lw71.dn2.p229 Yes
Hardware lexmark m5163dn - No
Operating System lexmark ms810_firmware ≤ lw71.dn2.p229 Yes
Hardware lexmark ms810 - No
Operating System lexmark ms811_firmware ≤ lw71.dn2.p229 Yes
Hardware lexmark ms811 - No
Operating System lexmark ms812_firmware ≤ lw71.dn2.p229 Yes
Hardware lexmark ms812 - No
Operating System lexmark ms817_firmware ≤ lw71.dn2.p229 Yes
Hardware lexmark ms817 - No
Operating System lexmark ms818_firmware ≤ lw71.dn2.p229 Yes
Hardware lexmark ms818 - No

References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For lexmark's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.