CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-17944

On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 51.1%

CVSS Severity

CVSS v3 Score 4.9

CVSS v2 Score 4.0

References

Products affected by CVE-2018-17944

Lexmark » Cx725h » Version: N/A

cpe:2.3:h:lexmark:cx725h:-
Lexmark » Cx820 » Version: N/A

cpe:2.3:h:lexmark:cx820:-
Lexmark » Cx825 » Version: N/A

cpe:2.3:h:lexmark:cx825:-
Lexmark » Cx860 » Version: N/A

cpe:2.3:h:lexmark:cx860:-
Lexmark » Xc4150 » Version: N/A

cpe:2.3:h:lexmark:xc4150:-
Lexmark » Xc6152 » Version: N/A

cpe:2.3:h:lexmark:xc6152:-
Lexmark » Xc8155 » Version: N/A

cpe:2.3:h:lexmark:xc8155:-
Lexmark » Xc8160 » Version: N/A

cpe:2.3:h:lexmark:xc8160:-
Lexmark » Cx725h Firmware » Version: N/A

cpe:2.3:o:lexmark:cx725h_firmware:-
Lexmark » Cx820 Firmware » Version: N/A

cpe:2.3:o:lexmark:cx820_firmware:-
Lexmark » Cx825 Firmware » Version: N/A

cpe:2.3:o:lexmark:cx825_firmware:-
Lexmark » Cx860 Firmware » Version: N/A

cpe:2.3:o:lexmark:cx860_firmware:-
Lexmark » Xc4150 Firmware » Version: N/A

cpe:2.3:o:lexmark:xc4150_firmware:-
Lexmark » Xc6152 Firmware » Version: N/A

cpe:2.3:o:lexmark:xc6152_firmware:-
Lexmark » Xc8155 Firmware » Version: N/A

cpe:2.3:o:lexmark:xc8155_firmware:-
Lexmark » Xc8160 Firmware » Version: N/A

cpe:2.3:o:lexmark:xc8160_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-17944

Products

Pricing

Contact Us