Vulnerability Description
Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lexmark | Printer Firmware | <= cb.02.048 |
| Lexmark | C4150 | All versions |
| Lexmark | Cs720De | All versions |
| Lexmark | Cs720Dte | All versions |
| Lexmark | Cs725De | All versions |
| Lexmark | Cs725Dte | All versions |
| Lexmark | Cx725De | All versions |
| Lexmark | Cx725Dhe | All versions |
| Lexmark | Cx725Dthe | All versions |
| Lexmark | Xc4150 | All versions |
| Lexmark | C6160 | All versions |
| Lexmark | Cs820De | All versions |
| Lexmark | Cs820Dte | All versions |
| Lexmark | Cs820Dtfe | All versions |
| Lexmark | Cx820De | All versions |
| Lexmark | Cx820Dtfe | All versions |
| Lexmark | Cx825De | All versions |
| Lexmark | Cx825Dte | All versions |
| Lexmark | Cx825Dtfe | All versions |
| Lexmark | Cx860De | All versions |
Related Weaknesses (CWE)
References
- http://support.lexmark.com/index?page=content&id=TE745 (Vendor Advisory)
FAQ
What is CVE-2016-1896?
CVE-2016-1896 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypas...
How severe is CVE-2016-1896?
CVE-2016-1896 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-1896?
Check the references section above for vendor advisories and patch information. Affected products include: Lexmark Printer Firmware, Lexmark C4150, Lexmark Cs720De, Lexmark Cs720Dte, Lexmark Cs725De.