CVE-2019-16758
28Vexday Risk Score
No sign of exploitation. It has a public proof of concept.
ssvc Attendepss 17%
from disclosure to weapon0 days
Published on NVDNov 21
1st PoCNov 18
exploitation probability
17%top 3% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/155365/Lexmark-Services-Monitor-2.27.4.0.39-Directory-Traversal.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47663unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/155365/Lexmark-Services-Monitor-2.27.4.0.39-Directory-Traversal.htmlhttp://seclists.org/fulldisclosure/2019/Nov/17http://support.lexmark.com/index?page=content&id=TE930&locale=en&userlocale=EN_UShttps://www.symantec.com/security-center/vulnerabilities/writeup/110943