CVE-2019-19772
high-risk
Published 2020-03-06
Various Lexmark products have a reflected XSS vulnerability in the embedded web server used in older-generation Lexmark devices. The affected products are listed at http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.
Do I need to act?
0.35% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.4/10 · Medium
NETWORK / LOW complexity
Affected Products (20)
Cs31X Firmware
Cs41X Firmware
Cs51X Firmware
Cx410 Firmware
Xc2130 Firmware
Cx510 Firmware
Xc2132 Firmware
Ms310 Firmware
Ms312 Firmware
Ms317 Firmware
Ms410 Firmware
M1140 Firmware
Ms315 Firmware
Ms415 Firmware
Ms417 Firmware
Ms51X Firmware
Ms610Dn Firmware
Ms617 Firmware
M1145 Firmware
Affected Vendors
References (2)
51 / 100 · high-risk
Severity
21/34 · High
Exploitability
1/34 · Minimal
Exposure
29/34 · Critical