CVE-2019-19772

MEDIUM | CVSS 5.4/10 | EPSS 0.65%

CVE-2019-19772 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. EPSS estimates a 0.65% chance of exploitation in the next 30 days.

Description

Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.

Metrics

CVSS 3.1: 5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Probability: 0.65% (46.5th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Lexmark | Cs31x Firmware | <= lw74.vyl.p267
Lexmark | Cs41x Firmware | <= lw74.vy2.p267
Lexmark | Cs51x Firmware | <= lw74.vy4.p267
Lexmark | Cx310 Firmware | <= lw74.gm2.p267
Lexmark | Cx410 Firmware | <= lw74.gm4.p267
Lexmark | Xc2130 Firmware | <= lw74.gm4.p267
Lexmark | Cx510 Firmware | <= lw74.gm7.p267
Lexmark | Xc2132 Firmware | <= lw74.gm7.p267
Lexmark | Ms310 Firmware | <= lw74.prl.p267
Lexmark | Ms312 Firmware | <= lw74.prl.p267
Lexmark | Ms317 Firmware | <= lw74.prl.p267
Lexmark | Ms410 Firmware | <= lw74.prl.p267
Lexmark | M1140 Firmware | <= lw74.prl.p267
Lexmark | Ms315 Firmware | <= lw74.tl2.p267
Lexmark | Ms415 Firmware | <= lw74.tl2.p267
Lexmark | Ms417 Firmware | <= lw74.tl2.p267
Lexmark | Ms51x Firmware | <= lw74.pr2.p267
Lexmark | Ms610dn Firmware | <= lw74.pr2.p267
Lexmark | Ms617 Firmware | <= lw74.pr2.p267
Lexmark | M1145 Firmware | <= lw74.pr2.p267
Lexmark | M3150dn Firmware | <= lw74.pr2.p267
Lexmark | Ms610de Firmware | <= lw74.pr4.p267
Lexmark | M3150 Firmware | <= lw74.pr4.p267
Lexmark | Ms71x Firmware | <= lw74.dn2.p267
Lexmark | M5163dn Firmware | <= lw74.dn2.p267
Lexmark | Ms810 Firmware | <= lw74.dn2.p267
Lexmark | Ms811 Firmware | <= lw74.dn2.p267
Lexmark | Ms812 Firmware | <= lw74.dn2.p267
Lexmark | Ms817 Firmware | <= lw74.dn2.p267
Lexmark | Ms818 Firmware | <= lw74.dn2.p267
Lexmark | Ms810de Firmware | <= lw74.dn4.p267
Lexmark | M5155 Firmware | <= lw74.dn4.p267
Lexmark | M5163 Firmware | <= lw74.dn4.p267
Lexmark | Ms812de Firmware | <= lw74.dn7.p267
Lexmark | M5170 Firmware | <= lw74.dn7.p267
Lexmark | Ms91x Firmware | <= lw74.sa.p267
Lexmark | Mx31x Firmware | <= lw74.sb2.p267
Lexmark | Xm1135 Firmware | <= lw74.sb2.p267
Lexmark | Mx410 Firmware | <= lw74.sb4.p267
Lexmark | Mx510 Firmware | <= lw74.sb4.p267
Lexmark | Mx511 Firmware | <= lw74.sb4.p267
Lexmark | Xm1140 Firmware | <= lw74.sb4.p267
Lexmark | Xm1145 Firmware | <= lw74.sb4.p267
Lexmark | Mx610 Firmware | <= lw74.sb7.p267
Lexmark | Mx611 Firmware | <= lw74.sb7.p267
Lexmark | Xm3150 Firmware | <= lw74.sb7.p267
Lexmark | Mx71x Firmware | <= lw74.tu.p267
Lexmark | Mx81x Firmware | <= lw74.tu.p267
Lexmark | Xm51xx Firmware | <= lw74.tu.p267
Lexmark | Xm71xx Firmware | <= lw74.tu.p267

Showing 50 of 80 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2019-19772?
Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.
How severe is CVE-2019-19772?
CVE-2019-19772 has a CVSS score of 5.4/10 (MEDIUM severity). The EPSS model estimates a 0.65% probability of exploitation in the next 30 days.
How do I fix CVE-2019-19772?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST