Vulnerability Description
Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lexmark | Printer Firmware | >= pp, <= pp.021.062 |
| Lexmark | Cx820De | - |
| Lexmark | Cx820Dtfe | - |
| Lexmark | Cx825De | - |
| Lexmark | Cx825Dte | - |
| Lexmark | Cx825Dtfe | - |
| Lexmark | Cx860De | - |
| Lexmark | Cx860Dte | - |
| Lexmark | Cx860Dtfe | - |
| Lexmark | Xc6152De | - |
| Lexmark | Xc6152Dtfe | - |
| Lexmark | Xc8155De | - |
| Lexmark | Xc8155Dte | - |
| Lexmark | Xc8160De | - |
| Lexmark | Xc8160Dte | - |
| Lexmark | C4150 | - |
| Lexmark | Cs720De | - |
| Lexmark | Cs720Dte | - |
| Lexmark | Cs725De | - |
| Lexmark | Cs725Dte | - |
Related Weaknesses (CWE)
References
- http://support.lexmark.com/index?page=content&id=TE760Vendor Advisory
- http://support.lexmark.com/index?page=content&id=TE760Vendor Advisory
FAQ
What is CVE-2016-3145?
CVE-2016-3145 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows phy...
How severe is CVE-2016-3145?
CVE-2016-3145 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3145?
Check the references section above for vendor advisories and patch information. Affected products include: Lexmark Printer Firmware, Lexmark Cx820De, Lexmark Cx820Dtfe, Lexmark Cx825De, Lexmark Cx825Dte.