CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Vulnerability Details : CVE-2013-6032

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.
Publish Date : 2014-02-04 Last Update Date : 2014-02-04
Search Twitter   Search YouTube   Search Google

- CVSS Scores & Vulnerability Types

CVSS Score
10.0
Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s)
CWE ID 20

- Products Affected By CVE-2013-6032

# Product Type Vendor Product Version Update Edition Language
1 Hardware Lexmark 25xxn Lcl.cu.p114 Version Details Vulnerabilities
2 Hardware Lexmark C52x Ls.fa.p150 Version Details Vulnerabilities
3 Hardware Lexmark C53x Ls.sw.p069 Version Details Vulnerabilities
4 Hardware Lexmark C77x Lc.cm.p052 Version Details Vulnerabilities
5 Hardware Lexmark C78x Lc.io.p187 Version Details Vulnerabilities
6 Hardware Lexmark C920 Ls.ta.p152 Version Details Vulnerabilities
7 Hardware Lexmark C935dn Lc.jo.p091 Version Details Vulnerabilities
8 Hardware Lexmark E250 Le.pm.p126 Version Details Vulnerabilities
9 Hardware Lexmark E350 Le.ph.p129 Version Details Vulnerabilities
10 Hardware Lexmark E450 Lm.sz.p124 Version Details Vulnerabilities
11 Hardware Lexmark N4000 Lc.md.p119 Version Details Vulnerabilities
12 Hardware Lexmark N4050e Go.go.n206 Version Details Vulnerabilities
13 Hardware Lexmark N70xxe Lc.co.n309 Version Details Vulnerabilities
14 Hardware Lexmark T64x Ls.st.p343 Version Details Vulnerabilities
15 Hardware Lexmark W840 Ls.ha.p252 Version Details Vulnerabilities
16 Hardware Lexmark X642 Lc2.mb.p318 Version Details Vulnerabilities
17 Hardware Lexmark X644 Lc4.be.p487 Version Details Vulnerabilities
18 Hardware Lexmark X646 Lc2.mc.p373 Version Details Vulnerabilities
19 Hardware Lexmark X64xef Lc2.ti.p325 Version Details Vulnerabilities
20 Hardware Lexmark X772 Lc2.tr.p291 Version Details Vulnerabilities
21 Hardware Lexmark X78x Lc2.io.p335 Version Details Vulnerabilities
22 Hardware Lexmark X85x Lc4.be.p487 Version Details Vulnerabilities
23 Hardware Lexmark X94x Lc.br.p141 Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Lexmark 25xxn 1
Lexmark C52x 1
Lexmark C53x 1
Lexmark C77x 1
Lexmark C78x 1
Lexmark C920 1
Lexmark C935dn 1
Lexmark E250 1
Lexmark E350 1
Lexmark E450 1
Lexmark N4000 1
Lexmark N4050e 1
Lexmark N70xxe 1
Lexmark T64x 1
Lexmark W840 1
Lexmark X642 1
Lexmark X644 1
Lexmark X646 1
Lexmark X64xef 1
Lexmark X772 1
Lexmark X78x 1
Lexmark X85x 1
Lexmark X94x 1

- References For CVE-2013-6032

http://support.lexmark.com/index?page=content&id=TE586 CONFIRM
http://www.kb.cert.org/vuls/id/108062
CERT-VN VU#108062

- Metasploit Modules Related To CVE-2013-6032

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)


CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.