Skip to Content Information Center
Lexmark CX522

Lexmark CX522

Not your product?

Lexmark Security Advisory: TLS Protocol Vulnerability (CVE-2019-1559)

Lexmark Security Advisory:

Revision: 1.1
Last update: 22-June-2020
Public Release Date: 26-June-2020

Summary

TLS Padding Oracle vulnerability in Lexmark devices.

References

CVE: CVE-2019-1559

Details

A vulnerability in the TLS protocol in Lexmark devices has been identified that can be exploited by a “Man In The Middle” attack to decrypt data in the TLS stream.

CVSSv3 Base Score5.9(AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Impact Subscore:3.6
Exploitability Subscore:2.2

CVSSv3 scores are calculated in accordance with CVSS version 3.1 (https://www.first.org/cvss/user-guide)

Impact

Successful exploitation of this vulnerability can lead to the disclosure of information from a TLS connection.

Affected Products

To determine a device's firmware level, select the Settings > Reports > Menu Setting Page menu item from the operator panel.

If the firmware level listed under Device Information matches any level under Affected Releases, then upgrade to a Fixed Release.

Lexmark ModelsAffected ReleasesFixed Releases
B2236MSLSG.072.202 and previousMSLSG.072.203 and later
MS331, MS431MSLBD.072.202 and previousMSLBD.072.203 and later
M1241MSLBD.072.202 and previousMSLBD.072.203 and later
B3442, B3340MSLBD.072.202 and previousMSLBD.072.203 and later
MB2236MXLSG.072.202 and previousMXLSG.072.203 and later
MX431, MX331MXLBD.072.202 and previousMXLBD.072.203 and later
MB3442MXLBD.072.202 and previousMXLBD.072.203 and later
MS521MSNGM.072.202 and previousMSNGM.072.203 and later
MS621, MS622MSTGM.072.202 and previousMSTGM.072.203 and later
M1246, M3250MSTGM.072.202 and previousMSTGM.072.203 and later
B2546, B2650MSTGM.072.202 and previousMSTGM.072.203 and later
MX421, MX521, MX522, MX622MXTGM.072.202 and previousMXTGM.072.203 and later
XM1242, XM1246, XM3250MXTGM.072.202 and previousMXTGM.072.203 and later
MB2546, MB2650MXTGM.072.202 and previousMXTGM.072.203 and later
MX321MXNGM.072.202 and previousMXNGM.072.203 and later
MB2338MXNGM.072.202 and previousMXNGM.072.203 and later
MS725, MS821MSNGW.072.202 and previousMSNGW.072.203 and later
MS822, MS823, MS825, MS826MSTGW.072.202 and previousMSTGW.072.203 and later
M5255, M5270MSTGW.072.202 and previousMSTGW.072.203 and later
B2865MSTGW.072.202 and previousMSTGW.072.203 and later
MX721, MX722, MX822, MX826MXTGW.072.202 and previousMXTGW.072.203 and later
XM5365, XM7355, XM7370MXTGW.072.202 and previousMXTGW.072.203 and later
C3426CSLBN.072.202 and previousCSLBN.072.203 and later
CS431CSLBN.072.202 and previousCSLBN.072.203 and later
CS331CSLBL.072.202 and previousCSLBL.072.203 and later
C3224CSLBL.072.202 and previousCSLBL.072.203 and later
C3326CSLBL.072.202 and previousCSLBL.072.203 and later
MC3426CXLBN.072.202 and previousCXLBN.072.203 and later
CX431CXLBN.072.202 and previousCXLBN.072.203 and later
MC3326, MC3224CXLBL.072.202 and previousCXLBL.072.203 and later
CX331CXLBL.072.202 and previousCXLBL.072.203 and later
CS622CSTZJ.072.202 and previousCSTZJ.072.203 and later
C2240CSTZJ.072.202 and previousCSTZJ.072.203 and later
CS421, CS521CSNZJ.072.202 and previousCSNZJ.072.203 and later
C2535, C2325, C2425CSNZJ.072.202 and previousCSNZJ.072.203 and later
CX522, CX622, CX625CXTZJ.072.202 and previousCXTZJ.072.203 and later
XC2235, XC4240CXTZJ.072.202 and previousCXTZJ.072.203 and later
MC2535, MC2640CXTZJ.072.202 and previousCXTZJ.072.203 and later
CX421CXNZJ.072.202 and previousCXNZJ.072.203 and later
MC2325, MC2425CXNZJ.072.202 and previousCXNZJ.072.203 and later
CX820, CX825, CX860CXTPP.072.202 and previousCXTPP.072.203 and later
XC6152, XC8155, XC8160CXTPP.072.202 and previousCXTPP.072.203 and later
CS820CSTPP.072.202 and previousCSTPP.072.203 and later
C6160CSTPP.072.202 and previousCSTPP.072.203 and later
CS720, CS725CSTAT.072.202 and previousCSTAT.072.203 and later
C4150CSTAT.072.202 and previousCSTAT.072.203 and later
CX725CXTAT.072.202 and previousCXTAT.072.203 and later
XC4140, XC4150CXTAT.072.202 and previousCXTAT.072.203 and later
CS921, CS923CSTMH.072.202 and previousCSTMH.072.203 and later
CX921, CX922, CX923, CX924CXTMH.072.202 and previousCXTMH.072.203 and later
XC92xxCXTMH.072.202 and previousCXTMH.072.203 and later
CS31xLW74.VYL.P273 and previousLW74.VYL.P274 and later
CS41xLW74.VY2.P273 and previousLW74.VY2.P274 and later
CS51xLW74.VY4.P273 and previousLW74.VY4.P274 and later
CX310LW74.GM2.P273 and previousLW74.GM2.P274 and later
CX410 & XC2130LW74.GM4.P273 and previousLW74.GM4.P274 and later
CX510 & XC2132LW74.GM7.P273 and previousLW74.GM7.P274 and later
MS310, MS312, MS317LW74.PRL.P273 and previousLW74.PRL.P274 and later
MS410, M1140LW74.PRL.P273 and previousLW74.PRL.P274 and later
MS315, MS415, MS417LW74.TL2.P273 and previousLW74.TL2.P274 and later
MS51x, MS610dn, MS617LW74.PR2.P273 and previousLW74.PR2.P274 and later
M1145, M3150dnLW74.PR2.P273 and previousLW74.PR2.P274 and later
MS610de, M3150LW74.PR4.P273 and previousLW74.PR4.P274 and later
MS810, MS811, MS812, MS817, MS818LW74.DN2.P273 and previousLW74.DN2.P274 and later
MS810de, M5155, M5163LW74.DN4.P273 and previousLW74.DN4.P274 and later
MS812de, M5170LW74.DN7.P273 and previousLW74.DN7.P274 and later
MS91xLW74.SA.P273 and previousLW74.SA.P274 and later
MX31x, XM1135LW74.SB2.P273 and previousLW74.SB2.P274 and later
MX410, MX510 & MX511LW74.SB4.P273 and previousLW74.SB4.P274 and later
XM1140, XM1145LW74.SB4.P273 and previousLW74.SB4.P274 and later
MX610 & MX611LW74.SB7.P273 and previousLW74.SB7.P274 and later
XM3150LW74.SB7.P273 and previousLW74.SB7.P274 and later
MX71x, MX81xLW74.TU.P273 and previousLW74.TU.P274 and later
XM51xx & XM71xxLW74.TU.P273 and previousLW74.TU.P274 and later
MX91x & XM91xLW74.MG.P273 and previousLW74.MG.P274 and later
MX6500eLW74.JD.P273 and previousLW74.JD.P274 and later
C746LHS60.CM2.P737 and previousLHS60.CM2.P738 and later
C748, CS748LHS60.CM4.P737 and previousLHS60.CM4.P738 and later
C792, CS796LHS60.HC.P737 and previousLHS60.HC.P738 and later
C925LHS60.HV.P737 and previousLHS60.HV.P738 and later
C950LHS60.TP.P737 and previousLHS60.TP.P738 and later
X548 & XS548LHS60.VK.P737 and previousLHS60.VK.P738 and later
X74x & XS748LHS60.NY.P737 and previousLHS60.NY.P738 and later

X792 & XS79x

LHS60.MR.P737 and previousLHS60.MR.P738 and later
X925 & XS925LHS60.HK.P737 and previousLHS60.HK.P738 and later
X95x & XS95xLHS60.TQ.P737 and previousLHS60.TQ.P738 and later
6500eLHS60.JR.P737 and previousLHS60.JR.P738 and later
C734LR.SK.P824 and previousLR.SK.P825 and later
C736LR.SKE.P824 and previousLR.SKE.P825 and later
E46xLR.LBH.P824 and previousLR.LBH.P825 and later
T65xLR.JP.P824 and previousLR.JP.P825 and later
X46xLR.BS.P824 and previousLR.BS.P825 and later
X65x LR.MN.P824 and previousLR.MN.P825 and later
X73xLR.FL.P824 and previousLR.FL.P825 and later
W850LP.JB.P823 and previousLP.JB.P824 or later
X86xLP.SP.P823 and previousLP.SP.P824 or later

Obtained Updated Software

To obtain firmware that resolves this issue or if you have special code, please contact Lexmark’s Technical Support Center at http://support.lexmark.com to find your local support center.

Workarounds

Lexmark recommends a firmware update if your device has affected firmware.

Exploitation and Public Announcements

Lexmark is not aware of any malicious use against Lexmark products of the vulnerability described in this advisory.

Status of this Notice:

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND IS PROVIDED WITHOUT ANY EXPRESS OR IMPLIED GUARANTEE OR WARRANTY WHATSOEVER, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR USE OR PURPOSE. LEXMARK RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

Distribution

This advisory is posted on Lexmark’s web site at http://support.lexmark.com/alerts Future updates to this document will be posted on Lexmark’s web site at the same location.

Revision History

RevisionDateReason
1.019 - June- 2020Initial Public Release
1.126 - June - 2020Updated list of Affected Products

Top

LEGACY ID: TE938
Was this article helpful?


Related content

Top