Vulnerability Details : CVE-2018-15520
Various Lexmark devices have a Buffer Overflow (issue 2 of 2).
Vulnerability category: Overflow
Products affected by CVE-2018-15520
- cpe:2.3:o:lexmark:cx82x_firmware:*:*:*:*:*:*:*:*
- Lexmark » Cx82x FirmwareVersions from including (>=) cxtpp.052.200 and up to, including, (<=) cxtpp.052.204cpe:2.3:o:lexmark:cx82x_firmware:*:*:*:*:*:*:*:*
- Lexmark » Cx860 FirmwareVersions from including (>=) cxtpp.052.200 and up to, including, (<=) cxtpp.052.204cpe:2.3:o:lexmark:cx860_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx860_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc6152_firmware:*:*:*:*:*:*:*:*
- Lexmark » Xc6152 FirmwareVersions from including (>=) cxtpp.052.200 and up to, including, (<=) cxtpp.052.204cpe:2.3:o:lexmark:xc6152_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc8155_firmware:*:*:*:*:*:*:*:*
- Lexmark » Xc8155 FirmwareVersions from including (>=) cxtpp.052.200 and up to, including, (<=) cxtpp.052.204cpe:2.3:o:lexmark:xc8155_firmware:*:*:*:*:*:*:*:*
- Lexmark » Xc8160 FirmwareVersions from including (>=) cxtpp.052.200 and up to, including, (<=) cxtpp.052.204cpe:2.3:o:lexmark:xc8160_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc8160_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx72x_firmware:*:*:*:*:*:*:*:*
- Lexmark » Cx72x FirmwareVersions from including (>=) cxtat.052.200 and up to, including, (<=) cxtat.052.204cpe:2.3:o:lexmark:cx72x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc41x0_firmware:*:*:*:*:*:*:*:*
- Lexmark » Xc41x0 FirmwareVersions from including (>=) cxtat.052.200 and up to, including, (<=) cxtat.052.204cpe:2.3:o:lexmark:xc41x0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx92x_firmware:*:*:*:*:*:*:*:*
- Lexmark » Cx92x FirmwareVersions from including (>=) cxtmh.052.200 and up to, including, (<=) cxtmh.052.204cpe:2.3:o:lexmark:cx92x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc92x5_firmware:*:*:*:*:*:*:*:*
- Lexmark » Xc92x5 FirmwareVersions from including (>=) cxtmh.052.200 and up to, including, (<=) cxtmh.052.204cpe:2.3:o:lexmark:xc92x5_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx321_firmware:*:*:*:*:*:*:*:*
- Lexmark » Mx321 FirmwareVersions from including (>=) mxngm.052.200 and up to, including, (<=) mxngm.052.204cpe:2.3:o:lexmark:mx321_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mb2338_firmware:*:*:*:*:*:*:*:*
- Lexmark » Mb2338 FirmwareVersions from including (>=) mxngm.052.200 and up to, including, (<=) mxngm.052.204cpe:2.3:o:lexmark:mb2338_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx42x_firmware:*:*:*:*:*:*:*:*
- Lexmark » Mx42x FirmwareVersions from including (>=) mxtgm.052.200 and up to, including, (<=) mxtgm.052.204cpe:2.3:o:lexmark:mx42x_firmware:*:*:*:*:*:*:*:*
- Lexmark » Mx52x FirmwareVersions from including (>=) mxtgm.052.200 and up to, including, (<=) mxtgm.052.204cpe:2.3:o:lexmark:mx52x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx52x_firmware:*:*:*:*:*:*:*:*
- Lexmark » Mx622 FirmwareVersions from including (>=) mxtgm.052.200 and up to, including, (<=) mxtgm.052.204cpe:2.3:o:lexmark:mx622_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx622_firmware:*:*:*:*:*:*:*:*
- Lexmark » Mb2442 FirmwareVersions from including (>=) mxtgm.052.200 and up to, including, (<=) mxtgm.052.204cpe:2.3:o:lexmark:mb2442_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mb2442_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mb2546_firmware:*:*:*:*:*:*:*:*
- Lexmark » Mb2546 FirmwareVersions from including (>=) mxtgm.052.200 and up to, including, (<=) mxtgm.052.204cpe:2.3:o:lexmark:mb2546_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mb2650_firmware:*:*:*:*:*:*:*:*
- Lexmark » Mb2650 FirmwareVersions from including (>=) mxtgm.052.200 and up to, including, (<=) mxtgm.052.204cpe:2.3:o:lexmark:mb2650_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm124x_firmware:*:*:*:*:*:*:*:*
- Lexmark » Xm124x FirmwareVersions from including (>=) mxtgm.052.200 and up to, including, (<=) mxtgm.052.204cpe:2.3:o:lexmark:xm124x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm3250_firmware:*:*:*:*:*:*:*:*
- Lexmark » Xm3250 FirmwareVersions from including (>=) mxtgm.052.200 and up to, including, (<=) mxtgm.052.204cpe:2.3:o:lexmark:xm3250_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx72x_firmware:*:*:*:*:*:*:*:*
- Lexmark » Mx72x FirmwareVersions from including (>=) mxtgw.052.200 and up to, including, (<=) mxtgw.052.204cpe:2.3:o:lexmark:mx72x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx82x_firmware:*:*:*:*:*:*:*:*
- Lexmark » Mx82x FirmwareVersions from including (>=) mxtgw.052.200 and up to, including, (<=) mxtgw.052.204cpe:2.3:o:lexmark:mx82x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mb2770_firmware:*:*:*:*:*:*:*:*
- Lexmark » Mb2770 FirmwareVersions from including (>=) mxtgw.052.200 and up to, including, (<=) mxtgw.052.204cpe:2.3:o:lexmark:mb2770_firmware:*:*:*:*:*:*:*:*
- Lexmark » Xm5370 FirmwareVersions from including (>=) mxtgw.052.200 and up to, including, (<=) mxtgw.052.204cpe:2.3:o:lexmark:xm5370_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm5370_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm7355_firmware:*:*:*:*:*:*:*:*
- Lexmark » Xm7355 FirmwareVersions from including (>=) mxtgw.052.200 and up to, including, (<=) mxtgw.052.204cpe:2.3:o:lexmark:xm7355_firmware:*:*:*:*:*:*:*:*
- Lexmark » Xm7370 FirmwareVersions from including (>=) mxtgw.052.200 and up to, including, (<=) mxtgw.052.204cpe:2.3:o:lexmark:xm7370_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm7370_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx421_firmware:*:*:*:*:*:*:*:*
- Lexmark » Cx421 FirmwareVersions from including (>=) cxnzj.052.200 and up to, including, (<=) cxnzj.052.204cpe:2.3:o:lexmark:cx421_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mc2325_firmware:*:*:*:*:*:*:*:*
- Lexmark » Mc2325 FirmwareVersions from including (>=) cxnzj.052.200 and up to, including, (<=) cxnzj.052.204cpe:2.3:o:lexmark:mc2325_firmware:*:*:*:*:*:*:*:*
- Lexmark » Mc2425 FirmwareVersions from including (>=) cxnzj.052.200 and up to, including, (<=) cxnzj.052.204cpe:2.3:o:lexmark:mc2425_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mc2425_firmware:*:*:*:*:*:*:*:*
- Lexmark » Cx522 FirmwareVersions from including (>=) cxtzj.052.200 and up to, including, (<=) cxtzj.052.204cpe:2.3:o:lexmark:cx522_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx522_firmware:*:*:*:*:*:*:*:*
- Lexmark » Cx62x FirmwareVersions from including (>=) cxtzj.052.200 and up to, including, (<=) cxtzj.052.204cpe:2.3:o:lexmark:cx62x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx62x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mc2535_firmware:*:*:*:*:*:*:*:*
- Lexmark » Mc2535 FirmwareVersions from including (>=) cxtzj.052.200 and up to, including, (<=) cxtzj.052.204cpe:2.3:o:lexmark:mc2535_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mc2640_firmware:*:*:*:*:*:*:*:*
- Lexmark » Mc2640 FirmwareVersions from including (>=) cxtzj.052.200 and up to, including, (<=) cxtzj.052.204cpe:2.3:o:lexmark:mc2640_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc2235_firmware:*:*:*:*:*:*:*:*
- Lexmark » Xc2235 FirmwareVersions from including (>=) cxtzj.052.200 and up to, including, (<=) cxtzj.052.204cpe:2.3:o:lexmark:xc2235_firmware:*:*:*:*:*:*:*:*
- Lexmark » Xc4240 FirmwareVersions from including (>=) cxtzj.052.200 and up to, including, (<=) cxtzj.052.204cpe:2.3:o:lexmark:xc4240_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc4240_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-15520
0.54%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-15520
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-15520
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-15520
-
http://support.lexmark.com/index?page=content&id=TE892
Lexmark United States Lexmark Security Advisory: Lexmark Buffer Overflow VulnerabilityVendor Advisory
Jump to