CVE-2024-27912 (GCVE-0-2024-27912)
Vulnerability from cvelistv5 – Published: 2024-04-05 20:47 – Updated: 2024-08-02 00:41
VLAI
Summary
A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Printers |
Affected:
Various
|
|
| lenovo | lingxlang_g262dn_firmware |
Affected:
1.00.19
cpe:2.3:o:lenovo:lingxlang_g262dn_firmware:1.00.19:*:*:*:*:*:*:* |
|
| lenovo | lingxlang_g336dn_firmware |
Affected:
1.00.20
cpe:2.3:o:lenovo:lingxlang_g336dn_firmware:1.00.20:*:*:*:*:*:*:* |
|
| lenovo | lingxlang_lj2320dn_firmware |
Affected:
1.00.10
cpe:2.3:o:lenovo:lingxlang_lj2320dn_firmware:1.00.10:*:*:*:*:*:*:* |
|
| lenovo | lj2310n_firmware |
Affected:
1.00.10
cpe:2.3:o:lenovo:lj2310n_firmware:1.00.10:*:*:*:*:*:*:* |
|
| lenovo | lingxlang_gm265dn_firmware |
Affected:
1.00.26
cpe:2.3:o:lenovo:lingxlang_gm265dn_firmware:1.00.26:*:*:*:*:*:*:* |
|
| lenovo | lingxlang_gm337dn_firmware |
Affected:
1.00.24
cpe:2.3:o:lenovo:lingxlang_gm337dn_firmware:1.00.24:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:lenovo:lingxlang_g262dn_firmware:1.00.19:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lingxlang_g262dn_firmware",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "1.00.19"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:lingxlang_g336dn_firmware:1.00.20:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lingxlang_g336dn_firmware",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "1.00.20"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:lingxlang_lj2320dn_firmware:1.00.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lingxlang_lj2320dn_firmware",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "1.00.10"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:lj2310n_firmware:1.00.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lj2310n_firmware",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "1.00.10"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:lingxlang_gm265dn_firmware:1.00.26:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lingxlang_gm265dn_firmware",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "1.00.26"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:lingxlang_gm337dn_firmware:1.00.24:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lingxlang_gm337dn_firmware",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "1.00.24"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T16:15:18.485167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:57:13.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.749Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/420425"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Printers",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "Various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Jia-Ju Bai, Wen-Han Xu, Rui-Nan Hu, Dong Zhang, Cheng Li, Zhen-Yu Guan, and Jian-Wei Liu of the School of Cyber Science and Technology of Beihang University for reporting these issues. "
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets."
}
],
"value": "A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T20:47:09.905Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/420425"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade printer firmware to the version (or later) listed in the Product Impact section of LEN-148876 - \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://iknow.lenovo.com.cn/detail/420425\"\u003ehttps://iknow.lenovo.com.cn/detail/420425\u003c/a\u003e"
}
],
"value": "Upgrade printer firmware to the version (or later) listed in the Product Impact section of LEN-148876 - https://iknow.lenovo.com.cn/detail/420425 "
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2024-27912",
"datePublished": "2024-04-05T20:47:09.905Z",
"dateReserved": "2024-02-27T16:12:55.968Z",
"dateUpdated": "2024-08-02T00:41:55.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-27912",
"date": "2026-06-24",
"epss": "0.00547",
"percentile": "0.41543"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets.\"}, {\"lang\": \"es\", \"value\": \"Se inform\\u00f3 una vulnerabilidad de denegaci\\u00f3n de servicio en algunas impresoras Lenovo que podr\\u00eda permitir que un atacante provocara la falla del dispositivo mediante el env\\u00edo de paquetes LPD manipulados.\"}]",
"id": "CVE-2024-27912",
"lastModified": "2024-11-21T09:05:24.420",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@lenovo.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-04-05T21:15:09.470",
"references": "[{\"url\": \"https://iknow.lenovo.com.cn/detail/420425\", \"source\": \"psirt@lenovo.com\"}, {\"url\": \"https://iknow.lenovo.com.cn/detail/420425\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"psirt@lenovo.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-27912\",\"sourceIdentifier\":\"psirt@lenovo.com\",\"published\":\"2024-04-05T21:15:09.470\",\"lastModified\":\"2024-11-21T09:05:24.420\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets.\"},{\"lang\":\"es\",\"value\":\"Se inform\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio en algunas impresoras Lenovo que podr\u00eda permitir que un atacante provocara la falla del dispositivo mediante el env\u00edo de paquetes LPD manipulados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@lenovo.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@lenovo.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://iknow.lenovo.com.cn/detail/420425\",\"source\":\"psirt@lenovo.com\"},{\"url\":\"https://iknow.lenovo.com.cn/detail/420425\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-27912\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-08T16:15:18.485167Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:lenovo:lingxlang_g262dn_firmware:1.00.19:*:*:*:*:*:*:*\"], \"vendor\": \"lenovo\", \"product\": \"lingxlang_g262dn_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.00.19\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:lenovo:lingxlang_g336dn_firmware:1.00.20:*:*:*:*:*:*:*\"], \"vendor\": \"lenovo\", \"product\": \"lingxlang_g336dn_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.00.20\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:lenovo:lingxlang_lj2320dn_firmware:1.00.10:*:*:*:*:*:*:*\"], \"vendor\": \"lenovo\", \"product\": \"lingxlang_lj2320dn_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.00.10\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:lenovo:lj2310n_firmware:1.00.10:*:*:*:*:*:*:*\"], \"vendor\": \"lenovo\", \"product\": \"lj2310n_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.00.10\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:lenovo:lingxlang_gm265dn_firmware:1.00.26:*:*:*:*:*:*:*\"], \"vendor\": \"lenovo\", \"product\": \"lingxlang_gm265dn_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.00.26\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:lenovo:lingxlang_gm337dn_firmware:1.00.24:*:*:*:*:*:*:*\"], \"vendor\": \"lenovo\", \"product\": \"lingxlang_gm337dn_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.00.24\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-20T15:57:08.140Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Lenovo thanks Jia-Ju Bai, Wen-Han Xu, Rui-Nan Hu, Dong Zhang, Cheng Li, Zhen-Yu Guan, and Jian-Wei Liu of the School of Cyber Science and Technology of Beihang University for reporting these issues. \"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Lenovo\", \"product\": \"Printers\", \"versions\": [{\"status\": \"affected\", \"version\": \"Various\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade printer firmware to the version (or later) listed in the Product Impact section of LEN-148876 - https://iknow.lenovo.com.cn/detail/420425 \", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Upgrade printer firmware to the version (or later) listed in the Product Impact section of LEN-148876 - \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://iknow.lenovo.com.cn/detail/420425\\\"\u003ehttps://iknow.lenovo.com.cn/detail/420425\u003c/a\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://iknow.lenovo.com.cn/detail/420425\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"da227ddf-6e25-4b41-b023-0f976dcaca4b\", \"shortName\": \"lenovo\", \"dateUpdated\": \"2024-04-05T20:47:09.905Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-27912\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-06-20T15:57:13.662Z\", \"dateReserved\": \"2024-02-27T16:12:55.968Z\", \"assignerOrgId\": \"da227ddf-6e25-4b41-b023-0f976dcaca4b\", \"datePublished\": \"2024-04-05T20:47:09.905Z\", \"assignerShortName\": \"lenovo\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…