{"vuid":"VU#108062","idnumber":"108062","name":"Lexmark laser printers contain multiple vulnerabilities","keywords":["Lexmark","XSS","CWE-620","CWE-79","CVE-2013-6032","CVE-2013-6033"],"overview":"Certain Lexmark devices are vulnerable to unverified password changes and stored cross-site scripting attacks.","clean_desc":"CWE-620: Unverified Password Change - CVE-2013-6032\nCertain models of Lexmark laser printers and MarkNet devices are vulnerable to an attack which allows a remote unauthenticated attacker to change the administrative password of the printer's web administration interface. The interface does not perform sufficient validation of the vac.255.GENPASSWORD parameter in POST requests to the /cgi-bin/postpf/cgi-bin/dynamic/config/config.html page, allowing an unauthenticated remote attacker to reset the administrative password to an empty string. CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2013-6033\nCertain models of Lexmark laser printers are vulnerable to stored cross-site scripting attacks. The printers' administrative web interface does not perform sufficient validation of user input to the \"Location\" and \"Contact Name\" fields in the \"General Settings\" configuration page. A list of affected models and firmware versions can be found at Lexmark's advisory page. The CVSS score reflects CVE-2013-6032.","impact":"An attacker may be able to run arbitrary script in the context of a victim's browser. The attacker may also be able to gain full administrative control of the printer.","resolution":"Apply an Update Lexmark advises users to update to the latest firmware version. A list of affected models and firmware versions, as well as accompanying fixes, can be found at Lexmark's advisory page.","workarounds":"","sysaffected":"","thanks":"Thanks to Jeff Popio for reporting this vulnerability.","author":"This document was written by Todd Lewellen.","public":["h","t","t","p",":","/","/","s","u","p","p","o","r","t",".","l","e","x","m","a","r","k",".","c","o","m","/","a","l","e","r","t","s"],"cveids":["CVE-2013-6032","CVE-2013-6033 "],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-10-11T19:17:43Z","publicdate":"2014-01-31T00:00:00Z","datefirstpublished":"2014-01-31T15:34:27Z","dateupdated":"2014-01-31T15:34:31Z","revision":19,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"9","cvss_basevector":"AV:N/AC:L/Au:N/C:P/I:P/A:C","cvss_temporalscore":"7.4","cvss_environmentalscore":"1.85365240283948","cvss_environmentalvector":"CDP:N/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}