CVE-2018-17944: Infoleak
First published: Tue Mar 12 2019(Updated: )
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lexmark Cx725h Firmware | ||
| Lexmark Cx725h | ||
| Lexmark MC3224i | ||
| Lexmark Cx820 | ||
| Lexmark MC3224i | ||
| Lexmark Cx825 | ||
| Lexmark MC3224i | ||
| Lexmark MC3224i | ||
| Lexmark MC3224i | ||
| Lexmark MC3224i | ||
| Lexmark Xc6152 Firmware | ||
| Lexmark MC3224i | ||
| Lexmark MC3224i | ||
| Lexmark MC3224i | ||
| Lexmark Xc8160 Firmware | ||
| Lexmark MC3224i |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-17944?
CVE-2018-17944 is a vulnerability that affects certain Lexmark devices and allows a malicious administrator to discover LDAP or SMTP credentials.
How can a malicious administrator exploit CVE-2018-17944?
A malicious administrator can exploit CVE-2018-17944 by changing the LDAP or SMTP server's hostname to one they control and capturing the credentials sent there.
Which Lexmark devices are affected by CVE-2018-17944?
The Lexmark devices affected by CVE-2018-17944 include Lexmark Cx725h Firmware, Lexmark MC3224i, Lexmark Cx820, Lexmark Cx825, Lexmark MC3224i, Lexmark MC3224i, Lexmark MC3224i, Lexmark Xc6152 Firmware, Lexmark MC3224i, Lexmark Xc8160 Firmware, and Lexmark MC3224i.
What is the severity of CVE-2018-17944?
CVE-2018-17944 has a severity rating of 4.9, which is considered medium.
How can the CVE-2018-17944 vulnerability be fixed?
To fix the CVE-2018-17944 vulnerability, it is recommended to update the firmware of the affected Lexmark devices and follow the recommendations provided by Lexmark.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/lexmark
- canonical/lexmark cx725h firmware
- canonical/lexmark cx725h
- canonical/lexmark mc3224i
- canonical/lexmark cx820
- canonical/lexmark cx825
- canonical/lexmark xc6152 firmware
- canonical/lexmark xc8160 firmware