CVE-2016-1896: Race Condition
First published: Wed Jan 27 2016(Updated: )
Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lexmark Printer Firmware | <=cb.02.048 | |
| Lexmark MC3224i | ||
| Lexmark Cs720de | ||
| Lexmark Cs720dte | ||
| Lexmark Cs725de | ||
| Lexmark Cs725dte | ||
| Lexmark Printer Firmware | <=atl.02.048 | |
| Lexmark Cx725de | ||
| Lexmark Cx725dhe | ||
| Lexmark Cx725dthe | ||
| Lexmark MC3224i | ||
| Lexmark Printer Firmware | <=yk.02.048 | |
| Lexmark C6160 | ||
| Lexmark Cs820de | ||
| Lexmark Cs820dte | ||
| Lexmark Cs820dtfe | ||
| Lexmark Printer Firmware | <=pp.02.048 | |
| Lexmark Cx820de | ||
| Lexmark Cx820dtfe | ||
| Lexmark Cx825de | ||
| Lexmark Cx825dte | ||
| Lexmark Cx825dtfe | ||
| Lexmark Cx860de | ||
| Lexmark Cx860dte | ||
| Lexmark Cx860dtfe | ||
| Lexmark Xc6152de | ||
| Lexmark Xc6152dtfe | ||
| Lexmark Xc8155de | ||
| Lexmark Xc8155dte | ||
| Lexmark Xc8160de | ||
| Lexmark Xc8160dte |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1896?
CVE-2016-1896 has a medium severity rating due to its potential for remote authentication bypass.
How do I fix CVE-2016-1896?
To fix CVE-2016-1896, update the firmware of the affected Lexmark printers to the latest version beyond ATL.02.049, CB.02.049, PP.02.049, and YK.02.049.
Which devices are affected by CVE-2016-1896?
CVE-2016-1896 affects various Lexmark printers running firmware versions ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049.
What is the nature of the vulnerability in CVE-2016-1896?
CVE-2016-1896 is a race condition in the initialization process that allows remote attackers to bypass authentication.
Does CVE-2016-1896 impact all Lexmark printers?
No, CVE-2016-1896 only impacts certain Lexmark printer models with specified firmware versions.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/lexmark
- canonical/lexmark printer firmware
- version/lexmark printer firmware/cb.02.048
- canonical/lexmark mc3224i
- canonical/lexmark cs720de
- canonical/lexmark cs720dte
- canonical/lexmark cs725de
- canonical/lexmark cs725dte
- version/lexmark printer firmware/atl.02.048
- canonical/lexmark cx725de
- canonical/lexmark cx725dhe
- canonical/lexmark cx725dthe
- version/lexmark printer firmware/yk.02.048
- canonical/lexmark c6160
- canonical/lexmark cs820de
- canonical/lexmark cs820dte
- canonical/lexmark cs820dtfe
- version/lexmark printer firmware/pp.02.048
- canonical/lexmark cx820de
- canonical/lexmark cx820dtfe
- canonical/lexmark cx825de
- canonical/lexmark cx825dte
- canonical/lexmark cx825dtfe
- canonical/lexmark cx860de
- canonical/lexmark cx860dte
- canonical/lexmark cx860dtfe
- canonical/lexmark xc6152de
- canonical/lexmark xc6152dtfe
- canonical/lexmark xc8155de
- canonical/lexmark xc8155dte
- canonical/lexmark xc8160de
- canonical/lexmark xc8160dte