PT-2016-1247 · Lexmark · Lexmark Printers

Published: 2016-01-27 · Updated: 2016-02-01 · CVE-2016-1896

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Lexmark printers with firmware ATL before ATL.02.049
Lexmark printers with firmware CB before CB.02.049
Lexmark printers with firmware PP before PP.02.049
Lexmark printers with firmware YK before YK.02.049

Description

A race condition in the initialization process of Lexmark printers causes the security-jumper status to be detected incorrectly, which remote attackers can exploit to bypass authentication. The underlying weakness is insufficient checking of a shared resource's state.

Recommendations

For Lexmark printers with firmware ATL before ATL.02.049, update the firmware to ATL.02.049 or later.
For Lexmark printers with firmware CB before CB.02.049, update the firmware to CB.02.049 or later.
For Lexmark printers with firmware PP before PP.02.049, update the firmware to PP.02.049 or later.
For Lexmark printers with firmware YK before YK.02.049, update the firmware to YK.02.049 or later.

Fix

Weakness Enumeration

Related Identifiers

BDU:2016-00508
CVE-2016-1896

Affected Products

Lexmark Printers