Lexmark Security Advisory: FREAK: Factoring Attack on RSA-Export Vulnerability

FREAK: Factoring Attack on RSA-Export Vulnerability (CVE-2015-0204)

Lexmark has learned of a vulnerability in some implementations of the SSL/TLS protocol that allows an attacker to compromise communications over that protocol.

Lexmark Security Advisory:

Revision: 1.0
Last update: 14 April 2015
Public Release Date: 20 April 2015

Summary

FREAK (Factoring Attack on RSA-EXPORT Keys) vulnerability

A vulnerability was disclosed in some implementations of the SSL/TLS protocol that allows an attacker to downgrade the encryption used by the protocol.

References

CVE: CVE-2015-0204, CVE-2015-1637

Details

An SSL/TLS protocol vulnerability, nicknamed FREAK, has been identified that allows a man-in-the-middle (MITM) attacker to force a significant downgrade of the encryption used to protect the SSL/TLS communication. Many SSL/TLS implementations are affected, including both OpenSSL and MS Schannel.

CVSS Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Impact Subscore: 6.9
Exploitability Subscore: 10

CVSS scores are calculated in accordance with CVSS version 2.0 (http://www.first.org/cvss/cvss-guide.html).

Impact

Successful exploitation of this vulnerability can lead to the disclosure and/or modification of information traveling over the affected SSL/TLS communication channel.

Affected Products

The following products are known to be affected. For specific details, see “Product Specific Information” below.

Lexmark is assessing each product and will update this advisory as more information becomes available.

  • Lexmark printer products

Product Specific Information

Lexmark is individually assessing each product and will update this advisory as more information becomes available.

Laser printer products

The following printers and MFPs are affected:

To determine a device's firmware level, select the “Reports” -> “Menu Setting Page” menu item from the operator panel. If the firmware level listed under “Device Information” matches any level under “Affected Releases”, then upgrade to a “Fixed Release”.

| Lexmark Models | Affected Releases | Fixed Releases |
|---|---|---|
| CS31x | LW41.VYL.P486 and previous | LW41.VYL.P487 and later |
| CS41x | LW41.VY2.P486 and previous | LW41.VY2.P487 and later |
| CS51x | LW41.VY4.P486 and previous | LW41.VY4.P487 and later |
| CX310 | LW41.GM2.P486 and previous | LW41.GM2.P487 and later |
| CX410 | LW41.GM4.P486 and previous | LW41.GM4.P487 and later |
| CX510 | LW41.GM7.P486 and previous | LW41.GM7.P487 and later |
| XC2132 | LW41.GM7.P486 and previous | LW41.GM7.P487 and later |
| MS310 | LW41.PRL.P4816 and previous | LW41.PRL.P487 and later |
| MS312 | LW41.PRL.P4816 and previous | LW41.PRL.P487 and later |
| MS315 | LW41.TL2.P486 and previous | LW41.TL2.P487 and later |
| MS410 | LW41.PRL.P486 and previous | LW41.PRL.P487 and later |
| MS415 | LW41.TL2.P486 and previous | LW41.TL2.P487 and later |
| MS51x | LW41.PR2.P486 and previous | LW41.PR2.P487 and later |
| MS610dn & MS610dtn | LW41.PR2.P486 and previous | LW41.PR2.P487 and later |
| M1145 & M3150dn | LW41.PR2.P486 and previous | LW41.PR2.P487 and later |
| MS610de & MS610dte | LW41.PR4.P486 and previous | LW41.PR4.P487 and later |
| M3150 | LW41.PR4.P486 and previous | LW41.PR4.P487 and later |
| MS71x | LW41.DN2.P486 and previous | LW41.DN2.P487 and later |
| MS810n, MS810dn & MS810dtn | LW41.DN2.P486 and previous | LW41.DN2.P487 and later |
| MS811 | LW41.DN2.P486 and previous | LW41.DN2.P487 and later |
| MS812dn, MS812dtn | LW41.DN2.P486 and previous | LW41.DN2.P487 and later |
| M5163dn | LW41.DN2.P486 and previous | LW41.DN2.P487 and later |
| MS810de | LW41.DN4.P486 and previous | LW41.DN4.P487 and later |
| M5155 & M5163 | LW41.DN4.P486 and previous | LW41.DN4.P487 and later |
| MS812de | LW41.DN7.P486 and previous | LW41.DN7.P487 and later |
| M5170 | LW41.DN7.P486 and previous | LW41.DN7.P487 and later |
| MS91x | LW41.SA.P486 and previous | LW41.SA.P487 and later |
| MX310 | LW41.SB2.P486 and previous | LW41.SB2.P487 and later |
| MX410, MX510 & MX511 | LW41.SB4.P486 and previous | LW41.SB4.P487 and later |
| XM1145 | LW41.SB4.P486 and previous | LW41.SB4.P487 and later |
| MX610 & MX611 | LW41.SB7.P486 and previous | LW41.SB7.P487 and later |
| XM3150 | LW41.SB7.P486 and previous | LW41.SB7.P487 and later |
| MX71x | LW41.TU.P486 and previous | LW41.TU.P487 and later |
| MX81x | LW41.TU.P486 and previous | LW41.TU.P487 and later |
| XM51xx & XM71xx | LW41.TU.P486 and previous | LW41.TU.P487 and later |
| MX91x | LW41.MG.P486 and previous | LW41.MG.487 and later |
| MX6500e | LW41.JD.P486 and previous | LW41.JD.487 and later |
| C746 | LHS41.CM2.P476 and previous | LHS41.CM2.P477 and later |
| C748 & CS748 | LHS41.CM4.P476 and previous | LHS41.CM4.P477 and later |
| C79x & CS796 | LHS41.HC.P476 and previous | LHS41.HC.P477 and later |
| C925 | LHS41.HV.P476 and previous | LHS41.HV.P477 and later |
| C95x | LHS41.TP.P476 and previous | LHS41.TP.P477 and later |
| X548 & XS548 | LHS41.VK.P476 and previous | LHS41.VK.P477 and later |
| X74x & XS748 | LHS41.NY.P476 and previous | LHS41.NY.P477 and later |
| X792 & XS79x | LHS41.MR.P476 and previous | LHS41.MR.P477 and later |
| X925 & XS925 | LHS41.HK.P476 and previous | LHS41.HK.P477 and later |
| X95x & XS95x | LHS41.TQ.P476 and previous | LHS41.TQ.P477 and later |
| 6500e | LHS41.JR.P476 and previous | LHS41.JR.P477 and later |
| C734 | LR.SK.P696 and previous | LR.SK.P697 and later |
| C736 | LR.SKE.P694 and previous | LR.SKE.P695 and later |
| E46x | LR.LBH.P675 and previous | LR.LBH.P676 and later |
| T650 & T652 | LR.JP.P684 and previous | LR.JP.P685 and later |
| T654 | LR.JP.P684 and previous | LR.JP.P685 and later |
| T656 | LSJ.SJ.P044 and previous | LSJ.SJ.P045 and later |
| W85x | LR.JB.P647 and previous | LR.JB.P648 and later |
| X46x | LR.BS.P698 and previous | LR.BS.P699 and later |
| X65x | LR.MN.P700 and previous | LR.MN.P701 and later |
| X73x | LR.FL.P698 and previous | LR.FL.P699 and later |
| X86x | LP.SP.P700 and previous | LP.SP.P701 and later |
| C54x | LL.AS.P536 and previous | LL.AS.P537 and later |
| E26x | LL.LBL.P541 and previous | LL.LBL.P542 and later |
| E36x | LL.LBM.P541 and previous | LL.LBM.P542 and later |
| X26x | LL.BZ.P546 and previous | LL.BZ.P547 and later |
| X36x | LL.BZ.P546 and previous | LL.BZ.P547 and later |
| X54x | LL.EL.P546 and previous | LL.EL.P547 and later |
| C52x | LS.FA.P152 and previous | LS.FA.P153 and later |
| C53x | LS.SW.P071 and previous | LS.SW.P072 and later |
| C77x | LC.CM.P503 and previous | LC.CM.P054 and later |
| C78x | LC.IO.P190 and previous | LC.IO.P190 and later |
| C92x | LS.TA.P154 and previous | LS.TA.P155 and later |
| C93x | LC.JO.P095 and previous | LC.JO.P096 and later |
| E45x | LM.SZ.P124 and previous | LM.SZ.P125 and later |
| T64x | LS.ST.P353 and previous | LS.ST.P354 and later |
| W84x | LS.HA.P254 and previous | LS.HA.P255 and later |
| X642 | LC2.MB.P318 and previous | LC2.MB.P319 and later |
| X644/X646 | LC2.MC.P377 and previous | LC2.MC.P378 and later |
| X64xef | LC2.TI.P329 and previous | LC2.TI.P330 and later |
| X77x | LC2.TR.P291 and previous | LC2.TR.P292 and later |
| X78x | LC2.TO.P339 and previous | LC2.TO.P340 and later |
| X85x | LC4.BE.P491 and previous | LC4.BE.P492 and later |
| X94x | LC.BR.P153 and previous | LC.BR.P154 and later |
| N4000 | LC.MD.P119 and previous | Contact Lexmark |
| N4050e | GO.GO.N206 and previous | Contact Lexmark |
| N7xxe | LC.CO.N309 and previous | Contact Lexmark |
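
Added example (not Lexmark code): a way to apply the firmware-level check above to a whole printer inventory, using four rows of the table. It assumes the level printed on the Menu Setting Page has the same family-plus-build form as the table entries and that the numeric part orders releases; the hostnames and the sample inventory are constructed.

```python
import re

# (last affected build, first fixed build) per firmware family, copied from
# four rows of the advisory table. None = no fixed release listed ("Contact Lexmark").
ADVISORY = {
    "LW41.VYL": (486, 487),   # CS31x
    "LR.JP":    (684, 685),   # T650, T652, T654
    "LSJ.SJ":   (44, 45),     # T656 (P044 / P045)
    "LC.MD":    (119, None),  # N4000
}

# Assumed level format: <family>.<P or N><build digits>, e.g. LR.JP.P684
LEVEL_RE = re.compile(r"^([A-Z0-9]+\.[A-Z0-9]+)\.[PN](\d+)$")

def classify(level):
    """Return 'affected', 'fixed' or 'unknown' for one firmware level string."""
    m = LEVEL_RE.match(level.strip().upper())
    if not m or m.group(1) not in ADVISORY:
        return "unknown"      # never report an unrecognised level as fixed
    build = int(m.group(2))
    last_affected, first_fixed = ADVISORY[m.group(1)]
    if build <= last_affected:
        return "affected"
    if first_fixed is not None and build >= first_fixed:
        return "fixed"
    return "unknown"          # above the affected range, but no fixed release listed

def triage(inventory):
    """Group hostnames by status so 'affected' and 'unknown' can be followed up."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, level in inventory:
        report[classify(level)].append(host)
    return report

# Constructed inventory: hostnames and reported levels are made up for illustration.
SAMPLE = [
    ("prn-floor1", "LR.JP.P684"),
    ("prn-floor2", "LR.JP.P685"),
    ("prn-lab", "LSJ.SJ.P044"),
    ("prn-color", "LW41.VYL.P490"),
    ("prn-old", "LC.MD.P119"),
    ("prn-misc", "ZZ.XX.P001"),
    ("prn-bad", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```

Devices that land in "unknown" (a family not entered from the table, special code, or an unreadable level) need a manual check against the table or a call to Lexmark support.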

Obtaining Updated Software

To obtain firmware that resolves this issue or if you have special code, please contact Lexmark’s Technical Support Center at http://support.lexmark.com to find your local support center.

Workarounds

Lexmark recommends updating firmware to address this issue.

Exploitation and Public Announcements

Lexmark is not aware of any malicious use against Lexmark products of the vulnerability described in this advisory.

Status of this Notice:

This document is provided on an "as is" basis and is provided without any express or implied guarantee or warranty whatsoever, including but not limited to the warranties of merchantability and fitness for a particular use or purpose. Lexmark reserves the right to change or update this document at any time.

Distribution

This advisory is posted on Lexmark’s web site at http://support.lexmark.com/alerts.

Future updates to this document will be posted at the same location on Lexmark’s web site.

Revision History

| Revision | Date | Reason |
|---|---|---|
| 1.0 | 20 April 2015 | Initial Public Release |

LEGACY ID: TE701
