CVE-2019-16758
Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.
En Lexmark Services Monitor versión 2.27.4.0.39 (ejecutándose en el puerto TCP 2070), un atacante remoto puede usar una técnica de salto de directorio usando /../../../ o ..%2F ..%2F ..%2F para obtener archivos locales en el sistema operativo host.
Lexmark Services Monitor version 2.27.4.0.39 suffers from a directory traversal vulnerability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-09-24 CVE Reserved
- 2019-11-18 CVE Published
- 2019-11-18 First Exploit
- 2024-08-05 CVE Updated
- 2024-10-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2019/Nov/17 | Mailing List |
|
| http://support.lexmark.com/index?page=content&id=TE930&locale=en&userlocale=EN_US | X_refsource_confirm | |
| https://www.symantec.com/security-center/vulnerabilities/writeup/110943 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/47663 | 2019-11-18 | |
| http://packetstormsecurity.com/files/155365/Lexmark-Services-Monitor-2.27.4.0.39-Directory-Traversal.html | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lexmark Search vendor "Lexmark" | Services Monitor Firmware Search vendor "Lexmark" for product "Services Monitor Firmware" | 2.27.4.0.39 Search vendor "Lexmark" for product "Services Monitor Firmware" and version "2.27.4.0.39" | - |
Affected
| in | Lexmark Search vendor "Lexmark" | Services Monitor Search vendor "Lexmark" for product "Services Monitor" | - | - |
Safe
|