Vulnerability Description
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lexmark | Cx725H Firmware | - |
| Lexmark | Cx725H | - |
| Lexmark | Cx820 Firmware | - |
| Lexmark | Cx820 | - |
| Lexmark | Cx825 Firmware | - |
| Lexmark | Cx825 | - |
| Lexmark | Cx860 Firmware | - |
| Lexmark | Cx860 | - |
| Lexmark | Xc4150 Firmware | - |
| Lexmark | Xc4150 | - |
| Lexmark | Xc6152 Firmware | - |
| Lexmark | Xc6152 | - |
| Lexmark | Xc8155 Firmware | - |
| Lexmark | Xc8155 | - |
| Lexmark | Xc8160 Firmware | - |
| Lexmark | Xc8160 | - |
Related Weaknesses (CWE)
References
- http://support.lexmark.com/index?page=content&id=TE909 (Vendor Advisory)
FAQ
What is CVE-2018-17944?
CVE-2018-17944 is a vulnerability with a CVSS score of 4.9 (MEDIUM). On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, an...
How severe is CVE-2018-17944?
CVE-2018-17944 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-17944?
Check the references section above for vendor advisories and patch information. Affected products include: Lexmark Cx725H Firmware, Lexmark Cx725H, Lexmark Cx820 Firmware, Lexmark Cx820, Lexmark Cx825 Firmware.