PT-2016-1956 · Lexmark · Lexmark Printers
Published
2016-04-22
·
Updated
2019-08-28
·
CVE-2016-3145
CVSS v3.1
4.6
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Lexmark printers with firmware ATL before ATL.021.063
Lexmark printers with firmware CB before CB.021.063
Lexmark printers with firmware PP before PP.021.063
Lexmark printers with firmware YK before YK.021.063
Description
The issue is related to the mishandling of Erase Printer Memory and Erase Hard Disk actions in Lexmark printers, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory. This is due to a lack of protection for service data.
Recommendations
For Lexmark printers with firmware ATL before ATL.021.063, update the firmware to ATL.021.063 or later.
For Lexmark printers with firmware CB before CB.021.063, update the firmware to CB.021.063 or later.
For Lexmark printers with firmware PP before PP.021.063, update the firmware to PP.021.063 or later.
For Lexmark printers with firmware YK before YK.021.063, update the firmware to YK.021.063 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lexmark Printers