CVE-2016-3145: Infoleak
First published: Fri Apr 22 2016(Updated: )
Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lexmark Printer Firmware | >=pp<=pp.021.062 | |
| Lexmark Cx820 | ||
| Lexmark Cx820de | ||
| Lexmark Cx825de | ||
| Lexmark Cx825dtfe | ||
| Lexmark Cx825dtfe | ||
| Lexmark Cx860 | ||
| Lexmark Cx860 | ||
| Lexmark Cx860 | ||
| Lexmark Xc6152de | ||
| Lexmark Xc6152dtfe | ||
| Lexmark Xc8155 | ||
| Lexmark Xc8155 | ||
| Lexmark Xc8160 | ||
| Lexmark Xc8160 Firmware | ||
| Lexmark Printer Firmware | >=cb<=cb.021.062 | |
| Lexmark C4150 Firmware | ||
| Lexmark Cs720 | ||
| Lexmark CS720DTE | ||
| Lexmark CS725dte | ||
| Lexmark CS725dte | ||
| Lexmark Printer Firmware | >=yk<=yk.021.062 | |
| Lexmark C6160 Firmware | ||
| Lexmark Printer Firmware | >=yk<=yk.021.057 | |
| Lexmark Cs820 | ||
| Lexmark Cs820dtfe | ||
| Lexmark Cs820 | ||
| Lexmark Printer Firmware | >=atl<=atl.021.062 | |
| Lexmark Cx725 | ||
| Lexmark Cx725 | ||
| Lexmark Cx725 | ||
| Lexmark Xc4150 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-3145?
CVE-2016-3145 has a medium severity level due to its exploitation potential allowing unauthorized access to sensitive information.
How do I fix CVE-2016-3145?
To mitigate CVE-2016-3145, update the printer firmware to the latest version provided by Lexmark.
What types of Lexmark printers are affected by CVE-2016-3145?
Lexmark printers with specific firmware versions ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 are vulnerable.
What kind of information can be accessed due to CVE-2016-3145?
CVE-2016-3145 may allow attackers to obtain sensitive information stored in the printer's memory or hard disk.
Is physical access required to exploit CVE-2016-3145?
Yes, exploiting CVE-2016-3145 requires physical proximity to the affected Lexmark printers.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/lexmark
- canonical/lexmark printer firmware
- version/lexmark printer firmware/pp
- version/lexmark printer firmware/pp.021.062
- canonical/lexmark cx820
- canonical/lexmark cx820de
- canonical/lexmark cx825de
- canonical/lexmark cx825dtfe
- canonical/lexmark cx860
- canonical/lexmark xc6152de
- canonical/lexmark xc6152dtfe
- canonical/lexmark xc8155
- canonical/lexmark xc8160
- canonical/lexmark xc8160 firmware
- version/lexmark printer firmware/cb
- version/lexmark printer firmware/cb.021.062
- canonical/lexmark c4150 firmware
- canonical/lexmark cs720
- canonical/lexmark cs720dte
- canonical/lexmark cs725dte
- version/lexmark printer firmware/yk
- version/lexmark printer firmware/yk.021.062
- canonical/lexmark c6160 firmware
- version/lexmark printer firmware/yk.021.057
- canonical/lexmark cs820
- canonical/lexmark cs820dtfe
- version/lexmark printer firmware/atl
- version/lexmark printer firmware/atl.021.062
- canonical/lexmark cx725
- canonical/lexmark xc4150 firmware