CVE-2013-6032 — HIGH (10.0)

Q: How severe is CVE-2013-6032?

CVE-2013-6032 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-6032?

Check the references section above for vendor advisories and patch information. Affected products include: Lexmark 25Xxn, Lexmark C52X, Lexmark C53X, Lexmark C77X, Lexmark C78X.

Vulnerability Description

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Lexmark	25Xxn	<= lcl.cu.p114
Lexmark	C52X	<= ls.fa.p150
Lexmark	C53X	<= ls.sw.p069
Lexmark	C77X	<= lc.cm.p052
Lexmark	C78X	<= lc.io.p187
Lexmark	C920	<= ls.ta.p152
Lexmark	C935Dn	<= lc.jo.p091
Lexmark	E250	<= le.pm.p126
Lexmark	E350	<= le.ph.p129
Lexmark	E450	<= lm.sz.p124
Lexmark	N4000	<= lc.md.p119
Lexmark	N4050E	<= go.go.n206
Lexmark	N70Xxe	<= lc.co.n309
Lexmark	T64X	<= ls.st.p343
Lexmark	W840	<= ls.ha.p252
Lexmark	X642	<= lc2.mb.p318
Lexmark	X644	<= lc4.be.p487
Lexmark	X646	<= lc2.mc.p373
Lexmark	X64Xef	<= lc2.ti.p325
Lexmark	X772	<= lc2.tr.p291

Related Weaknesses (CWE)

CWE-20

References

http://support.lexmark.com/index?page=content&id=TE586
http://www.kb.cert.org/vuls/id/108062US Government Resource
http://support.lexmark.com/index?page=content&id=TE586
http://www.kb.cert.org/vuls/id/108062US Government Resource

FAQ

What is CVE-2013-6032?

CVE-2013-6032 is a vulnerability with a CVSS score of 10.0 (HIGH). cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x...

How severe is CVE-2013-6032?

CVE-2013-6032 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-6032?

Check the references section above for vendor advisories and patch information. Affected products include: Lexmark 25Xxn, Lexmark C52X, Lexmark C53X, Lexmark C77X, Lexmark C78X.