CVE-2018-17944
CVE-2018-17944 is a vulnerability of currently unknown severity. On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change. EPSS estimates a 0.89% chance of exploitation in the next 30 days.
Description
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lexmark | Cx725h Firmware | All versions |
| Lexmark | Cx820 Firmware | All versions |
| Lexmark | Cx825 Firmware | All versions |
| Lexmark | Cx860 Firmware | All versions |
| Lexmark | Xc4150 Firmware | All versions |
| Lexmark | Xc6152 Firmware | All versions |
| Lexmark | Xc8155 Firmware | All versions |
| Lexmark | Xc8160 Firmware | All versions |
References
- http://support.lexmark.com/index?page=content&id=TE909 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
