CVE-2019-16758
Published: 2019-11-21
Priority: P2 (61) · Severity: high · CVSS 3.1 base score: 7.5
CVSS vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Exploit: public (see references)
EPSS: 16.77% (96.6th percentile)
In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lexmark | services_monitor_firmware | — | — |
Detection & IOCs (extracted from sources)
- Detect directory traversal attempts against TCP port 2070 using /../../../ or URL-encoded ..%2F..%2F..%2F sequences in HTTP GET requests.
- Monitor HTTP traffic on port 2070 for GET requests containing repeated '../' or URL-encoded '%2F..%2F' path traversal sequences targeting Windows system paths (e.g., /windows/system32/, /windows/SysWOW64/).
- Identify responses from the rXpress HTTP server (banner: 'Server: rXpress') on port 2070 returning HTTP 200 with large Content-Length values for traversal paths, indicating successful file disclosure.
- The vendor confirmed the software (Lexmark Services Monitor 2.27.4.0.39) is End of Life (EOL) and no patch will be released; users must migrate to LRAM.
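The three detection hints above combined into one classifier, as an added example that is not from this page's sources or from Lexmark: it percent-decodes each request path (twice, so single- and double-encoded `..%2F` sequences are both caught), checks for a `..` segment, and escalates to "likely disclosure" only when the request went to port 2070 and the rXpress banner answered 200 with a body larger than a constructed threshold (`LARGE_BODY_BYTES`). The event dicts, the field names and the threshold are assumptions; the sample events are constructed, not captured traffic.

```python
import re
from urllib.parse import unquote

# Constructed sample events (not taken from the page or any real capture). Each
# models the fields a proxy or IDS log carries for one HTTP exchange.
SAMPLE_EVENTS = [
    {"dport": 2070, "method": "GET", "path": "/status",
     "status": 200, "content_length": 512, "server": "rXpress"},
    {"dport": 2070, "method": "GET", "path": "/../../../windows/win.ini",
     "status": 200, "content_length": 4096, "server": "rXpress"},
    {"dport": 2070, "method": "GET",
     "path": "/..%2F..%2F..%2Fwindows%2Fsystem32%2Fdrivers%2Fetc%2Fhosts",
     "status": 200, "content_length": 9000, "server": "rXpress"},
    {"dport": 2070, "method": "GET", "path": "/..%252F..%252Fwindows%252Fwin.ini",
     "status": 404, "content_length": 0, "server": "rXpress"},
    {"dport": 8080, "method": "GET", "path": "/../../etc/passwd",
     "status": 403, "content_length": 0, "server": "nginx"},
]

# A ".." segment delimited by slashes after normalisation.
TRAVERSAL_RE = re.compile(r"(?:^|/)\.\.(?:/|$)")
# The Windows system directories named in the page's detection hint.
WINDOWS_SYSTEM_RE = re.compile(r"windows/(system32|syswow64)", re.IGNORECASE)
SERVICE_PORT = 2070          # Lexmark Services Monitor listener from the advisory
LARGE_BODY_BYTES = 1024      # constructed threshold; tune to the host's normal responses


def normalize_path(raw):
    """Percent-decode up to twice (so ..%2F and ..%252F both become ../) and
    fold backslashes into forward slashes before matching."""
    path = raw
    for _ in range(2):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def classify(event):
    """Return (severity, reasons) for one event.
    severity is 'none', 'suspicious' or 'likely_disclosure'."""
    reasons = []
    path = normalize_path(event["path"])
    if not TRAVERSAL_RE.search(path):
        return "none", reasons
    reasons.append("traversal sequence in request path")
    if WINDOWS_SYSTEM_RE.search(path):
        reasons.append("targets a Windows system directory")
    if event["dport"] != SERVICE_PORT:
        return "suspicious", reasons
    reasons.append("destination is the port 2070 service")
    # Successful disclosure: the rXpress banner, a 200, and a body big enough
    # to be a real file rather than an error page.
    if (event["server"].lower() == "rxpress" and event["status"] == 200
            and event["content_length"] >= LARGE_BODY_BYTES):
        reasons.append("rXpress returned 200 with a large body")
        return "likely_disclosure", reasons
    return "suspicious", reasons


def scan(events):
    """Return [(path, severity)] for every event that is not 'none'."""
    hits = []
    for event in events:
        severity, _ = classify(event)
        if severity != "none":
            hits.append((event["path"], severity))
    return hits


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        severity, reasons = classify(event)
        print(f"{severity:18} {event['path']}  {'; '.join(reasons)}")
```

A 404 or a tiny body on a traversal path still gets flagged as suspicious (someone is probing), but only the 200-with-large-body case is raised to likely disclosure, which is the signal worth paging on given that no patch exists for this EOL release.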
CVSS provenance
- NVD, CVSS v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- NVD, CVSS v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
No detection rules found.
References
- http://packetstormsecurity.com/files/155365/Lexmark-Services-Monitor-2.27.4.0.39-Directory-Traversal.html
- http://seclists.org/fulldisclosure/2019/Nov/17
- http://support.lexmark.com/index?page=content&id=TE930&locale=en&userlocale=EN_US
- https://www.symantec.com/security-center/vulnerabilities/writeup/110943