4.9

CVE-2018-17944

EPSS 0.28%
Veröffentlicht 12.03.2019 16:29:00
Zuletzt bearbeitet 21.11.2024 03:55:15
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lexmark ≫ Cx725h Firmware Version-

Lexmark ≫ Cx725h Version-

Lexmark ≫ Cx820 Firmware Version-

Lexmark ≫ Cx820 Version-

Lexmark ≫ Cx825 Firmware Version-

Lexmark ≫ Cx825 Version-

Lexmark ≫ Cx860 Firmware Version-

Lexmark ≫ Cx860 Version-

Lexmark ≫ Xc4150 Firmware Version-

Lexmark ≫ Xc4150 Version-

Lexmark ≫ Xc6152 Firmware Version-

Lexmark ≫ Xc6152 Version-

Lexmark ≫ Xc8155 Firmware Version-

Lexmark ≫ Xc8155 Version-

Lexmark ≫ Xc8160 Firmware Version-

Lexmark ≫ Xc8160 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.511

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://support.lexmark.com/index?page=content&id=TE909

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-17944

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-17944

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-17944

EUVD