CVE-2019-16758
published 2019-11-21


Priority P261 · high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 16.77% (96.6th percentile)
In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.

Affected

1 range
Vendor | Product | Version range | Fixed in
lexmark | services_monitor_firmware | |

Detection & IOCs (extracted from sources)

port: 2070
url: /../../../../../../windows/SysWOW64/PerfStringBackup.ini
url: /../../../../../windows/SysWOW64/slmgr/0409/slmgr.ini
url: /../../../../../windows/system32/drivers/etc/services
other: Server: rXpress
  • Detect directory traversal attempts against TCP port 2070 using /../../../ or URL-encoded ..%2F..%2F..%2F sequences in HTTP GET requests.
  • Monitor HTTP traffic on port 2070 for GET requests containing repeated '../' or URL-encoded '%2F..%2F' path traversal sequences targeting Windows system paths (e.g., /windows/system32/, /windows/SysWOW64/).
  • Identify responses from the rXpress HTTP server (banner: 'Server: rXpress') on port 2070 returning HTTP 200 with large Content-Length values for traversal paths, indicating successful file disclosure.
  • The vendor confirmed the software (Lexmark Services Monitor 2.27.4.0.39) is End of Life (EOL) and no patch will be released; users must migrate to LRAM.
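
The detection points above can be combined into a single log check. The sketch below is an added example, not code from the advisory or the vendor. It assumes a constructed six-field record format (dst_port, method, uri, status, server banner, content length), and it treats any non-empty body as the "large Content-Length" signal.

```python
import re
from urllib.parse import unquote

MONITOR_PORT = 2070                        # port named in the advisory
TRAVERSAL = re.compile(r"(?:\.\./){2,}")   # repeated ../ after decoding
WINDOWS_DIR = re.compile(r"/windows/(?:system32|syswow64)/", re.I)

# Constructed sample records (not captured traffic), assumed format:
# dst_port method uri status server_banner content_length
SAMPLE_LOG = """\
2070 GET /../../../../../windows/system32/drivers/etc/services 200 rXpress 17463
2070 GET /..%2F..%2F..%2F..%2Fwindows%2FSysWOW64%2Fslmgr%2F0409%2Fslmgr.ini 404 rXpress 0
2070 GET /..%2f..%2f..%2fwindows%2fSysWOW64%2fPerfStringBackup.ini 200 rXpress 92
2070 GET /index.html 200 rXpress 1024
8080 GET /../../../windows/system32/drivers/etc/services 200 other 1800
"""

def classify(line):
    """Return None, or (verdict, decoded_path, targets_windows_dir)."""
    port, method, uri, status, server, length = line.split()
    if int(port) != MONITOR_PORT or method != "GET":
        return None
    path = unquote(uri)                    # %2F and %2f both become /
    if not TRAVERSAL.search(path):
        return None
    # 200 from the rXpress server with a body means the file was returned.
    served = status == "200" and server == "rXpress" and int(length) > 0
    verdict = "file-disclosed" if served else "attempt"
    return verdict, path, bool(WINDOWS_DIR.search(path))

def scan(log_text):
    """Classify every non-empty record and keep only the traversal hits."""
    hits = (classify(l) for l in log_text.splitlines() if l.strip())
    return [h for h in hits if h is not None]

if __name__ == "__main__":
    for verdict, path, win in scan(SAMPLE_LOG):
        print(f"{verdict:15} windows_dir={win} {path}")
```

Decoding the URI before matching lets one pattern cover both the literal and the percent-encoded form, whatever the hex case.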

CVSS provenance

nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N