CVE-2019-18791

MEDIUM | CVSS 5.4/10 | EPSS 0.53%

CVE-2019-18791 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the user's web browser. EPSS estimates a 0.53% chance of exploitation in the next 30 days.

Description

Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the user's web browser.

Metrics

CVSS 3.1
5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Probability
0.53%

40.5th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Lexmark | Cx31x Firmware | <= lw73.vyl.p263 |
| Lexmark | Cx41x Firmware | <= lw73.vy2.p263 |
| Lexmark | Cx310 Firmware | <= lw73.gm2.p263 |
| Lexmark | Ms310 Firmware | <= lw73.prl.p263 |
| Lexmark | Ms312 Firmware | <= lw73.prl.p263 |
| Lexmark | Ms317 Firmware | <= lw73.prl.p263 |
| Lexmark | Ms410 Firmware | <= lw73.prl.p263 |
| Lexmark | M1140 Firmware | <= lw73.prl.p263 |
| Lexmark | Ms315 Firmware | <= lw73.tl2.p263 |
| Lexmark | Ms415 Firmware | <= lw73.tl2.p263 |
| Lexmark | Ms417 Firmware | <= lw73.tl2.p263 |
| Lexmark | Ms51x Firmware | <= lw73.pr2.p263 |
| Lexmark | Ms610dn Firmware | <= lw73.pr2.p263 |
| Lexmark | Ms617 Firmware | <= lw73.pr2.p263 |
| Lexmark | M1145 Firmware | <= lw73.pr2.p263 |
| Lexmark | M3150dn Firmware | <= lw73.pr2.p263 |
| Lexmark | Ms71x Firmware | <= lw73.dn2.p263 |
| Lexmark | M5163dn Firmware | <= lw73.dn2.p263 |
| Lexmark | Ms810 Firmware | <= lw73.dn2.p263 |
| Lexmark | Ms811 Firmware | <= lw73.dn2.p263 |
| Lexmark | Ms812 Firmware | <= lw73.dn2.p263 |
| Lexmark | Ms817 Firmware | <= lw73.dn2.p263 |
| Lexmark | Ms818 Firmware | <= lw73.dn2.p263 |
| Lexmark | Ms810de Firmware | <= lw73.dn4.p263 |
| Lexmark | M5155 Firmware | <= lw73.dn4.p263 |
| Lexmark | M5163 Firmware | <= lw73.dn4.p263 |
| Lexmark | Ms812de Firmware | <= lw73.dn7.p263 |
| Lexmark | M5170 Firmware | <= lw73.dn7.p263 |
| Lexmark | Ms91x Firmware | <= lw73.sa.p263 |
| Lexmark | Mx31x Firmware | <= lw73.sb2.p263 |
| Lexmark | Xm1135 Firmware | <= lw73.sb2.p263 |
| Lexmark | Mx410 Firmware | <= lw73.sb4.p263 |
| Lexmark | Mx510 Firmware | <= lw73.sb4.p263 |
| Lexmark | Mx511 Firmware | <= lw73.sb4.p263 |
| Lexmark | Mx610 Firmware | <= lw73.sb7.p263 |
| Lexmark | Mx611 Firmware | <= lw73.sb7.p263 |
| Lexmark | Xm3150 Firmware | <= lw73.sb7.p263 |
| Lexmark | Mx71x Firmware | <= lw73.tu.p263 |
| Lexmark | Mx81x Firmware | <= lw73.tu.p263 |
| Lexmark | Xm51xx Firmware | <= lw73.tu.p263 |
| Lexmark | Xm71xx Firmware | <= lw73.tu.p263 |
| Lexmark | Mx91x Firmware | <= lw73.mg.p263 |
| Lexmark | Xm91x Firmware | <= lw73.mg.p263 |
| Lexmark | Mx6500e Firmware | <= lw73.jd.p263 |
| Lexmark | C746 Firmware | <= lhs60.cm2.p731 |
| Lexmark | C748 Firmware | <= lhs60.cm4.p731 |
| Lexmark | Cs748 Firmware | <= lhs60.cm4.p731 |
| Lexmark | C792 Firmware | <= lhs60.hc.p731 |
| Lexmark | Cs796 Firmware | <= lhs60.hc.p731 |
| Lexmark | C925 Firmware | <= lhs60.hv.p731 |

Showing 50 of 80 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2019-18791?
Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the user's web browser.
How severe is CVE-2019-18791?
CVE-2019-18791 has a CVSS score of 5.4/10 (MEDIUM severity). The EPSS model estimates a 0.53% probability of exploitation in the next 30 days.
How do I fix CVE-2019-18791?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST