Memory Management Flaw in Lexmark Printers Exposes Sensitive Data
CVE-2016-3145

4.6MEDIUM

Key Information:

Vendor: Lexmark
Status: Printer Firmware
Vendor: CVE Published:; 22 April 2016

What is CVE-2016-3145?

Lexmark printers running outdated firmware fail to properly handle the Erase Printer Memory and Erase Hard Disk commands. This ineffectiveness allows an attacker with physical access to the device to perform direct read operations on non-volatile memory, potentially exposing sensitive user information. It is critical for users to update to the latest firmware versions to mitigate the risk associated with this vulnerability.

References

http://support.lexmark.com/index?page=content&id=TE760

x_refsource_CONFIRM

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2016
Vulnerability Reserved
Mar 14, 2016