Unauthenticated Password Dump Vulnerability Affects Lenovo Printers
CVE-2024-27911
7.5 HIGH
Summary
A significant vulnerability in select Lenovo printers has been identified, allowing unauthenticated attackers to obtain the administrator password. This flaw poses a considerable risk to users, potentially enabling unauthorized access to printer settings and configurations. Effective mitigation strategies and timely updates are crucial to protect sensitive information and maintain the integrity of printing operations.
Affected Version(s)
Printers: Various
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Credit
Lenovo thanks Jia-Ju Bai, Wen-Han Xu, Rui-Nan Hu, Dong Zhang, Cheng Li, Zhen-Yu Guan, and Jian-Wei Liu of the School of Cyber Science and Technology of Beihang University for reporting these issues.