Printing Software Vulnerabilities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

Apple CUPS40
Easy Software Products CUPS35
Xerox WorkCentre34
Novell iPrint27
CUPS15

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix198
Temporary Fix0
Workaround14
Unavailable7
Not Defined139

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High20
Functional0
Proof-of-Concept72
Unproven10
Not Defined256

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector

Not Defined0
Physical0
Local41
Adjacent25
Network292

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication

Not Defined0
High3
Low51
None304

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined0
Required42
None316

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤10
≤20
≤32
≤417
≤528
≤674
≤744
≤891
≤939
≤1063

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤33
≤418
≤549
≤665
≤770
≤857
≤950
≤1046

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤34
≤430
≤527
≤674
≤736
≤8108
≤915
≤1064

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤41
≤55
≤617
≤77
≤820
≤921
≤1027

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤102

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k34
<2k54
<5k137
<10k30
<25k50
<50k52
<100k1
≥100k0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today

<1k284
<2k27
<5k16
<10k15
<25k15
<50k1
<100k0
≥100k0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (147): Apple CUPS, Apple cups, Brother HL Network Printer, Brother Printer HL5370, Canon Laser Printer, Canon PIXMA MG7500 Printer, CUPS, cups, cups-filters, cups-pk-helper, Cups Easy, Easy Software Products CUPS, Epson iPrint App, Epson WorkForce Multi-Function Printer, Foomatic, HP Color LaserJet CP3525 Printer, HP Color LaserJet Pro M280-M281 Multifunction Printer, HP Easy Printer Care Software, HP Inkjet Printer, HP LaserJet, HP LaserJet Managed Printer, HP LaserJet Pro MFP M28-M31 Printer, HP Linux Imaging, hp Linux Imaging, HP Linux Imaging And Printing Project, hp Linux Imaging And Printing Project, HP Managed Printing Administration, hp Managed Printing Administration, HP MFP, HP Network Printer, HP OfficeJet 7110 Wide Format ePrinter, HP OfficeJet Enterprise, HP Officejet Pro, HP PageWide, HP PageWide Managed Printer, HP Printer, HP Printing, HP Printing Project, hp Printing Project, HP Sprinter, Intel NetPort Printer Server, Kaf Oseo Quick And Dirty Phpsource Printer, Lenovo Printer LJ4010DN, Lexmark, Lexmark 6500e, Lexmark C, Lexmark C920, Lexmark C935dn, Lexmark Control, Lexmark CX, Lexmark Device, Lexmark G2 Driver, Lexmark G3 Driver, Lexmark G4 Driver, Lexmark M, Lexmark Markvision, Lexmark Markvision Enterprise, Lexmark MS812, Lexmark MX, Lexmark Perceptive Document Filters Library, Lexmark Perspective Document Filter, Lexmark Printer, Lexmark Printer Sharing, Lexmark Pro910 Inkjet, Lexmark Product, Lexmark Products, Lexmark Scan To Network, Lexmark Services Monitor, Lexmark T522 Network Printer, Lexmark Universal Print Driver, Lexmark X, Lexmark X94x, Lexmark X1185 printer, Lexmark XC, Lexmark XM, Lexmark XS, Lexmark Z2420, Linuxfoundation cups-filters, Linuxprinting.org Foomatic, Linux Foundation cups-filters, MakerBot Replicator 5G Printer, Mytty Webapplication Finger Printer, NIPrint LPD-LPR Print Server, node-printer Module, Novell iPrint, Novell iPrint Client, novell Iprint Open Enterprise Server, Novell Iprint Open Enterprise Server 2, Oce North America 3122 Printer, Oki Printing Solutions C5510 Mfp Printer, Pharos PopUp Printer Client, Pre Printing Press, PrinterLogic Print Management Software, PrinterLogic Web Stack, PrinterLogic Windows Client, PrinterOn, PrinterOn Central Print Services, PrinterOn Enterprise, Quiksoft EasyMail MessagePrinter Object, Red Hat system-config-printer, Rico Printer, Ricoh Printer, Ricoh Printer Driver, Samsung Laser Printers, Samsung ML-85P Printer Driver, Samsung Printer, Sharp AR Printer, Tektronix Phaser Network Printer, Xerox CopyCentre, Xerox Phaser 6510, Xerox Printer, Xerox VersaLink B400, Xerox VersaLink B405, Xerox VersaLink B600, Xerox VersaLink B605, Xerox VersaLink B610, Xerox VersaLink B615, Xerox VersaLink B7025, Xerox VersaLink B7030, Xerox VersaLink B7035, Xerox VersaLink C400, Xerox VersaLink C405, Xerox VersaLink C500, Xerox VersaLink C505, Xerox VersaLink C600, Xerox VersaLink C605, Xerox VersaLink C7000, Xerox VersaLink C7020, Xerox VersaLink C7025, Xerox VersaLink C7030, Xerox VersaLink C8000, Xerox VersaLink C8000W, Xerox VersaLink C9000, Xerox WorkCentre, Xerox Workcentre 275, Xerox Workcentre 2636, Xerox Workcentre 5655, Xerox Workcentre 6400 Net Controller, Xerox WorkCentre 6515, Xerox WorkCentre EC7836, Xerox WorkCentre EC7856, Xerox Workcentre M35, Xerox Workcentre M45, Xerox WorkCentre Printer, Xiaomi Mi Jia Ink-Jet Printer, yast2-printer, Zebra Printer

PublishedBaseTempVulnerabilityProductExpRemCTICVE
08/26/20226.86.8Lexmark Product Configuration Setting input validationProductNot DefinedNot Defined0.03CVE-2022-29850
08/25/20227.57.5PrinterLogic Windows Client pathname traversalWindows ClientNot DefinedNot Defined0.00CVE-2022-32427
04/28/20226.56.4Lexmark Device Firmware Update access controlDeviceNot DefinedWorkaround0.04CVE-2022-24935
02/08/20223.53.5Canon Laser Printer cross site scriptingLaser PrinterNot DefinedNot Defined0.03CVE-2021-20877
02/03/20223.53.5PrinterLogic Web Stack cross site scriptingWeb StackNot DefinedNot Defined0.04CVE-2021-42639
02/03/20225.55.5PrinterLogic Web Stack URL server-side request forgeryWeb StackNot DefinedNot Defined0.04CVE-2021-42637
02/03/20226.36.3PrinterLogic Web Stack Driver resource injectionWeb StackNot DefinedNot Defined0.04CVE-2021-42640
02/03/20226.36.3PrinterLogic Web Stack Audit Record sql injectionWeb StackNot DefinedNot Defined0.02CVE-2021-42633
02/03/20224.34.3PrinterLogic Web Stack resource injectionWeb StackNot DefinedNot Defined0.02CVE-2021-42642
02/03/20224.34.3PrinterLogic Web Stack resource injectionWeb StackNot DefinedNot Defined0.03CVE-2021-42641
02/02/20227.77.5PrinterLogic Web Stack stack-based overflowWeb StackNot DefinedOfficial Fix0.03CVE-2021-42638
01/31/20227.77.7PrinterLogic Web Stack hard-coded keyWeb StackNot DefinedNot Defined0.03CVE-2021-42635
01/31/20227.77.7PrinterLogic Web Stack deserializationWeb StackNot DefinedNot Defined0.06CVE-2021-42631
01/21/20224.64.6Lexmark Device Configuration File pathname traversalDeviceNot DefinedNot Defined0.00CVE-2021-44737
01/21/20227.17.1Lexmark Device Initial Admin Account Setup Wizard access controlDeviceNot DefinedNot Defined0.03CVE-2021-44736
01/21/20225.55.5Lexmark Device Embedded Web Server command injectionDeviceNot DefinedNot Defined0.03CVE-2021-44735
01/21/20225.55.3Lexmark Device Postscript Interpreter buffer overflowDeviceNot DefinedNot Defined0.08CVE-2021-44738
01/21/20226.36.1Lexmark Embedded Web Server Privilege EscalationLexmarkNot DefinedNot Defined0.03CVE-2021-44734
11/10/20213.53.5HP Printer/MFP Link cross site scriptingPrinter/MFPNot DefinedNot Defined0.02CVE-2019-18914
11/10/20215.65.6HP Printer/MFP FutureSmart denial of servicePrinter/MFPNot DefinedNot Defined0.03CVE-2019-18912
11/10/20216.66.3HP Officejet Pro/PageWide Managed Printer Print File buffer overflowOfficejet Pro/PageWide Managed PrinterNot DefinedOfficial Fix0.00CVE-2019-16240
11/03/20214.04.0HP LaserJet information disclosureLaserJet/LaserJet Managed Printer/PageWide/PageWide Managed PrinterNot DefinedNot Defined0.04CVE-2021-39237
10/29/20213.53.5HP OfficeJet 7110 Wide Format ePrinter cross site scriptingOfficeJet 7110 Wide Format ePrinterNot DefinedNot Defined0.03CVE-2021-3441
07/19/20218.88.4Lexmark Universal Print Driver access controlUniversal Print Driver/G2 Driver/G3 Driver/G4 DriverNot DefinedOfficial Fix0.00CVE-2021-35449
07/14/20216.36.3Lexmark Printer Installation unquoted search pathPrinterNot DefinedNot Defined0.04CVE-2021-35469

333 more entries are not shown

Do you need the next level of professionalism?

Upgrade your account now!