Printing Software Vulnerabilities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Vendor

Xerox52
Apple49
Lexmark46
HP37
Not Defined36

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

Apple CUPS40
Easy Software Products CUPS35
Xerox WorkCentre34
Novell iPrint27
CUPS15

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix194
Temporary Fix0
Workaround13
Unavailable0
Not Defined138

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High20
Functional0
Proof-of-Concept72
Unproven10
Not Defined243

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector

Not Defined0
Physical0
Local41
Adjacent20
Network284

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication

Not Defined0
High3
Low45
None297

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined0
Required40
None305

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤10
≤20
≤32
≤415
≤526
≤673
≤740
≤887
≤939
≤1063

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤33
≤416
≤547
≤664
≤768
≤851
≤950
≤1046

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤34
≤428
≤525
≤672
≤732
≤8105
≤915
≤1064

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤41
≤55
≤617
≤77
≤820
≤915
≤1027

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤102

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k30
<2k51
<5k131
<10k31
<25k38
<50k63
<100k1
≥100k0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today

<1k266
<2k30
<5k18
<10k14
<25k16
<50k0
<100k1
≥100k0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (144): Apple CUPS, Apple cups, Brother HL Network Printer, Brother Printer HL5370, Canon PIXMA MG7500 Printer, cups, CUPS, cups-filters, cups-pk-helper, Cups Easy, Easy Software Products CUPS, Epson iPrint App, Epson WorkForce Multi-Function Printer, Foomatic, HP Color LaserJet CP3525 Printer, HP Color LaserJet Pro M280-M281 Multifunction Printer, HP Easy Printer Care Software, HP Inkjet Printer, HP LaserJet, HP LaserJet Managed Printer, HP LaserJet Pro MFP M28-M31 Printer, hp Linux Imaging, HP Linux Imaging, HP Linux Imaging And Printing Project, hp Linux Imaging And Printing Project, hp Managed Printing Administration, HP Managed Printing Administration, HP MFP, HP Network Printer, HP OfficeJet 7110 Wide Format ePrinter, HP OfficeJet Enterprise, HP Officejet Pro, HP PageWide, HP PageWide Managed Printer, HP Printer, HP Printing, HP Printing Project, hp Printing Project, HP Sprinter, Intel NetPort Printer Server, Kaf Oseo Quick And Dirty Phpsource Printer, Lenovo Printer LJ4010DN, Lexmark, Lexmark 6500e, Lexmark C, Lexmark C920, Lexmark C935dn, Lexmark Control, Lexmark CX, Lexmark Device, Lexmark G2 Driver, Lexmark G3 Driver, Lexmark G4 Driver, Lexmark M, Lexmark Markvision, Lexmark Markvision Enterprise, Lexmark MS812, Lexmark MX, Lexmark Perceptive Document Filters Library, Lexmark Perspective Document Filter, Lexmark Printer, Lexmark Printer Sharing, Lexmark Pro910 Inkjet, Lexmark Product, Lexmark Products, Lexmark Scan To Network, Lexmark Services Monitor, Lexmark T522 Network Printer, Lexmark Universal Print Driver, Lexmark X, Lexmark X94x, Lexmark X1185 printer, Lexmark XC, Lexmark XM, Lexmark XS, Lexmark Z2420, Linuxfoundation cups-filters, Linuxprinting.org Foomatic, Linux Foundation cups-filters, MakerBot Replicator 5G Printer, Mytty Webapplication Finger Printer, NIPrint LPD-LPR Print Server, node-printer Module, Novell iPrint, Novell iPrint Client, novell Iprint Open Enterprise Server, Novell Iprint Open Enterprise Server 2, Oce North America 3122 Printer, Oki Printing Solutions C5510 Mfp Printer, Pharos PopUp Printer Client, Pre Printing Press, PrinterLogic Print Management Software, PrinterOn, PrinterOn Central Print Services, PrinterOn Enterprise, Quiksoft EasyMail MessagePrinter Object, Red Hat system-config-printer, Rico Printer, Ricoh Printer, Ricoh Printer Driver, Samsung Laser Printers, Samsung ML-85P Printer Driver, Samsung Printer, Sharp AR Printer, Tektronix Phaser Network Printer, Xerox CopyCentre, Xerox Phaser 6510, Xerox Printer, Xerox VersaLink B400, Xerox VersaLink B405, Xerox VersaLink B600, Xerox VersaLink B605, Xerox VersaLink B610, Xerox VersaLink B615, Xerox VersaLink B7025, Xerox VersaLink B7030, Xerox VersaLink B7035, Xerox VersaLink C400, Xerox VersaLink C405, Xerox VersaLink C500, Xerox VersaLink C505, Xerox VersaLink C600, Xerox VersaLink C605, Xerox VersaLink C7000, Xerox VersaLink C7020, Xerox VersaLink C7025, Xerox VersaLink C7030, Xerox VersaLink C8000, Xerox VersaLink C8000W, Xerox VersaLink C9000, Xerox WorkCentre, Xerox Workcentre 275, Xerox Workcentre 2636, Xerox Workcentre 5655, Xerox Workcentre 6400 Net Controller, Xerox WorkCentre 6515, Xerox WorkCentre EC7836, Xerox WorkCentre EC7856, Xerox Workcentre M35, Xerox Workcentre M45, Xerox WorkCentre Printer, Xiaomi Mi Jia Ink-Jet Printer, yast2-printer, Zebra Printer

PublishedBaseTempVulnerabilityProdExpRemCTICVE
01/21/20224.64.6Lexmark Device Configuration File pathname traversalDeviceNot DefinedNot Defined0.22CVE-2021-44737
01/21/20227.17.1Lexmark Device Initial Admin Account Setup Wizard access controlDeviceNot DefinedNot Defined0.06CVE-2021-44736
01/21/20225.55.5Lexmark Device Embedded Web Server command injectionDeviceNot DefinedNot Defined0.22CVE-2021-44735
01/21/20225.55.3Lexmark Device Postscript Interpreter buffer overflowDeviceNot DefinedNot Defined0.72CVE-2021-44738
01/21/20226.36.1Lexmark Embedded Web Server Privilege EscalationLexmarkNot DefinedNot Defined0.33CVE-2021-44734
11/10/20213.53.5HP Printer/MFP Link cross site scriptingPrinter/MFPNot DefinedNot Defined0.04CVE-2019-18914
11/10/20215.65.6HP Printer/MFP FutureSmart denial of servicePrinter/MFPNot DefinedNot Defined0.00CVE-2019-18912
11/10/20216.66.3HP Officejet Pro/PageWide Managed Printer Print File buffer overflowOfficejet Pro/PageWide Managed PrinterNot DefinedOfficial Fix0.05CVE-2019-16240
11/03/20214.04.0HP LaserJet information disclosureLaserJet/LaserJet Managed Printer/PageWide/PageWide Managed PrinterNot DefinedNot Defined0.17CVE-2021-39237
10/29/20213.53.5HP OfficeJet 7110 Wide Format ePrinter cross site scriptingOfficeJet 7110 Wide Format ePrinterNot DefinedNot Defined0.00CVE-2021-3441
07/19/20218.88.4Lexmark Universal Print Driver access controlUniversal Print Driver/G2 Driver/G3 Driver/G4 DriverNot DefinedOfficial Fix0.05CVE-2021-35449
07/14/20216.36.3Lexmark Printer Installation unquoted search pathPrinterNot DefinedNot Defined0.00CVE-2021-35469
03/30/20216.36.0Xerox VersaLink C9000 Web User Interface Privilege EscalationPhaser 6510/WorkCentre 6515/VersaLink B400/VersaLink B405/VersaLink B600/VersaLink B610/VersaLink B605/VersaLink B615/VersaLink B7025/VersaLink B7030/VersaLink B7035/VersaLink C400/VersaLink C405/VersaLink C500/VersaLink C600/VersaLink C505/VersaLink C605/VersaLink C7000/VersaLink C7020/VersaLink C7025/VersaLink C7030/VersaLink C8000/VersaLink C9000Not DefinedOfficial Fix0.05CVE-2021-28673
03/30/20216.36.0Xerox Phaser 6510 Parameter buffer overflowPhaser 6510/WorkCentre 6515/VersaLink B400/VersaLink B405/VersaLink B600/VersaLink B610/VersaLink B605/VersaLink B615/VersaLink B7025/VersaLink B7030/VersaLink B7035/VersaLink C400/VersaLink C405/VersaLink C500/VersaLink C600/VersaLink C505/VersaLink C605/VersaLink C7000/VersaLink C7020/VersaLink C7025/VersaLink C7030/VersaLink C8000/VersaLink C9000/VersaLink C8000WNot DefinedOfficial Fix0.04CVE-2021-28672
03/30/20216.36.0Xerox Phaser 6510 Web User Interface Privilege EscalationPhaser 6510/WorkCentre 6515/VersaLink B400/VersaLink B405/VersaLink B600/VersaLink B610/VersaLink B605/VersaLink B615/VersaLink B7025/VersaLink B7030/VersaLink B7035/VersaLink C400/VersaLink C405/VersaLink C500/VersaLink C600/VersaLink C505/VersaLink C605/VersaLink C7000/VersaLink C7020/VersaLink C7025/VersaLink C7030/VersaLink C8000/VersaLink C9000/VersaLink C8000WNot DefinedOfficial Fix0.05CVE-2021-28671
01/27/20215.55.5Xerox WorkCentre credentials storageWorkCentreNot DefinedNot Defined0.00CVE-2020-36201
10/09/20204.84.6Xerox WorkCentre EC7836/WorkCentre EC7856 Description Page cross site scriptingWorkCentre EC7836/WorkCentre EC7856Not DefinedOfficial Fix0.04CVE-2020-26162
06/24/20208.58.2Xiaomi Mi Jia Ink-Jet Printer Web Management injectionMi Jia Ink-Jet PrinterNot DefinedOfficial Fix0.07CVE-2020-10561
05/28/20205.35.1Lenovo Printer LJ4010DN denial of servicePrinter LJ4010DNNot DefinedOfficial Fix0.03CVE-2020-8330
05/28/20205.35.1Lenovo Printer LJ4010DN denial of servicePrinter LJ4010DNNot DefinedOfficial Fix0.00CVE-2020-8329
04/28/20204.44.4Lexmark Printer cross site scriptingPrinterNot DefinedNot Defined0.03CVE-2020-10094
04/28/20204.44.3Lexmark Pro910 Inkjet cross site scriptingPro910 InkjetNot DefinedWorkaround0.03CVE-2020-10093
03/16/20208.58.5HP Printer improper authenticationPrinterNot DefinedNot Defined0.06CVE-2019-18917
03/10/20207.47.4Lexmark C/M/X/6500e Embedded Web Server path traversalC/M/X/6500eNot DefinedNot Defined0.05CVE-2018-18894
03/06/20204.44.4Lexmark Product Embedded Web Server Stored cross site scriptingProductNot DefinedNot Defined0.07CVE-2019-19773

320 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 320 results.

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!