CVE-2019-16758

HIGH

Lexmark Services Monitor <2.27.4.0.39 - Path Traversal

Title source: llm

Description

In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.

Exploits (2)

exploitdb WORKING POC

by Kevin Randall · textwebappshardware

https://www.exploit-db.com/exploits/47663

View Code ZIP pw:eip

github NO CODE

by KevinRandall1337 · poc

https://github.com/KevinRandall1337/CVE-Security-Research/tree/master/CVE-2019-16758

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/155365/Lexmark-Services-Monitor-2.27.4.0.39-Directory-Traversal.html

[Third Party Advisory] http://seclists.org/fulldisclosure/2019/Nov/17

[Third Party Advisory] https://www.symantec.com/security-center/vulnerabilities/writeup/110943

[Various Sources] http://support.lexmark.com/index?page=content&id=TE930&locale=en&userlocale=EN_US

Scores

CVSS v3 7.5

EPSS 0.1884

EPSS Percentile 95.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

lexmark/services_monitor_firmware 2.27.4.0.39

Published Nov 21, 2019

Tracked Since Feb 18, 2026