CVE-2016-1896: Race Condition
First published: Wed Jan 27 2016(Updated: )
Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lexmark Printer Firmware | <=cb.02.048 | |
| Lexmark C4150 Firmware | ||
| Lexmark Cs720 | ||
| Lexmark CS720DTE | ||
| Lexmark CS725dte | ||
| Lexmark CS725dte | ||
| Lexmark Printer Firmware | <=atl.02.048 | |
| Lexmark Cx725 | ||
| Lexmark Cx725 | ||
| Lexmark Cx725 | ||
| Lexmark Xc4150 Firmware | ||
| Lexmark Printer Firmware | <=yk.02.048 | |
| Lexmark C6160 Firmware | ||
| Lexmark Cs820 | ||
| Lexmark Cs820dtfe | ||
| Lexmark Cs820 | ||
| Lexmark Printer Firmware | <=pp.02.048 | |
| Lexmark Cx820 | ||
| Lexmark Cx820de | ||
| Lexmark Cx825de | ||
| Lexmark Cx825dtfe | ||
| Lexmark Cx825dtfe | ||
| Lexmark Cx860 | ||
| Lexmark Cx860 | ||
| Lexmark Cx860 | ||
| Lexmark Xc6152de | ||
| Lexmark Xc6152dtfe | ||
| Lexmark Xc8155 | ||
| Lexmark Xc8155 | ||
| Lexmark Xc8160 | ||
| Lexmark Xc8160 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1896?
CVE-2016-1896 has a medium severity rating due to its potential for remote authentication bypass.
How do I fix CVE-2016-1896?
To fix CVE-2016-1896, update the firmware of the affected Lexmark printers to the latest version beyond ATL.02.049, CB.02.049, PP.02.049, and YK.02.049.
Which devices are affected by CVE-2016-1896?
CVE-2016-1896 affects various Lexmark printers running firmware versions ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049.
What is the nature of the vulnerability in CVE-2016-1896?
CVE-2016-1896 is a race condition in the initialization process that allows remote attackers to bypass authentication.
Does CVE-2016-1896 impact all Lexmark printers?
No, CVE-2016-1896 only impacts certain Lexmark printer models with specified firmware versions.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/lexmark
- canonical/lexmark printer firmware
- version/lexmark printer firmware/cb.02.048
- canonical/lexmark c4150 firmware
- canonical/lexmark cs720
- canonical/lexmark cs720dte
- canonical/lexmark cs725dte
- version/lexmark printer firmware/atl.02.048
- canonical/lexmark cx725
- canonical/lexmark xc4150 firmware
- version/lexmark printer firmware/yk.02.048
- canonical/lexmark c6160 firmware
- canonical/lexmark cs820
- canonical/lexmark cs820dtfe
- version/lexmark printer firmware/pp.02.048
- canonical/lexmark cx820
- canonical/lexmark cx820de
- canonical/lexmark cx825de
- canonical/lexmark cx825dtfe
- canonical/lexmark cx860
- canonical/lexmark xc6152de
- canonical/lexmark xc6152dtfe
- canonical/lexmark xc8155
- canonical/lexmark xc8160
- canonical/lexmark xc8160 firmware