CVE-2016-1896

Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:lexmark:c4150:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs720de:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs720dte:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs725de:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs725dte:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:lexmark:cx725de:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx725dhe:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx725dthe:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc4150:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:lexmark:c6160:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs820de:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs820dte:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs820dtfe:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:lexmark:printer_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:lexmark:cx820de:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx820dtfe:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx825de:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx825dte:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx825dtfe:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx860de:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx860dte:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx860dtfe:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc6152de:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc6152dtfe:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc8155de:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc8155dte:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc8160de:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc8160dte:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:47

Type Values Removed Values Added
References () http://support.lexmark.com/index?page=content&id=TE745 - Vendor Advisory () http://support.lexmark.com/index?page=content&id=TE745 - Vendor Advisory

Information

Published : 2016-01-27 05:59

Updated : 2024-11-21 02:47


NVD link : CVE-2016-1896

Mitre link : CVE-2016-1896

CVE.ORG link : CVE-2016-1896


JSON object : View

Products Affected

lexmark

  • printer_firmware
  • xc6152de
  • cx725dhe
  • cs820dtfe
  • xc4150
  • xc8160dte
  • cs820de
  • xc8155de
  • cs725dte
  • xc6152dtfe
  • cx725dthe
  • cx860de
  • c6160
  • c4150
  • cx860dte
  • cx825dtfe
  • cx820de
  • cx825dte
  • cx825de
  • cs720de
  • xc8155dte
  • xc8160de
  • cs820dte
  • cx725de
  • cs720dte
  • cx820dtfe
  • cs725de
  • cx860dtfe
CWE
CWE-254

7PK - Security Features

CWE-264

Permissions, Privileges, and Access Controls