CVE-2016-3145

MEDIUM

Lexmark Printer Firmware < pp.021.062 - Information Disclosure

Title source: rule

Description

Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.

References (1)

[Vendor Advisory] http://support.lexmark.com/index?page=content&id=TE760

Scores

CVSS v3 4.6

EPSS 0.0006

EPSS Percentile 19.5%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (1)

lexmark/printer_firmware < pp.021.062

Timeline

Published Apr 22, 2016

Tracked Since Feb 18, 2026