CVE-2019-18791

high-risk

Published 2020-02-13

Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser.

Do I need to act?

0.30% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.4/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Cx31X Firmware

Cx41X Firmware

Cx310 Firmware

Ms310 Firmware

Ms312 Firmware

Ms317 Firmware

Ms410 Firmware

M1140 Firmware

Ms315 Firmware

Ms415 Firmware

Ms417 Firmware

Ms51X Firmware

Ms610Dn Firmware

Ms617 Firmware

M1145 Firmware

M3150Dn Firmware

Ms71X Firmware

M5163Dn Firmware

Ms810 Firmware

Ms811 Firmware

Affected Vendors

Lexmark

References (4)

Vendor Advisory http://support.lexmark.com/alerts/

Vendor Advisory http://support.lexmark.com/index?page=content&id=TE933&modifiedDate=02/04/20&act...

Vendor Advisory http://support.lexmark.com/alerts/

Vendor Advisory http://support.lexmark.com/index?page=content&id=TE933&modifiedDate=02/04/20&act...

/ 100

high-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 29/34 · Critical