CVSS Severity (version 2.0):
CVSS v2 Base Score:
Impact Subscore: 2.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows disruption of service
Lexmark products have connection flood protection mechanisms that limit the number of simultaneous network connections that can be made to the device on most TCP service ports.
(21/FTP 79/Finger, 515/LPD, 631/IPP, 5001, 9100-9104, 9200, 9300, 9400, 9500-9501 & 9600)
The FTP service exception handler does not properly maintain the state of the flood protection when passive FTP connections are aborted. Once a sufficient number of passive FTP connections have timed out (typically 15), the flood protection is enabled and is never reset.
The flood protection can be reset by resetting the network adapter, or by power cycling the device.
The firmware update that resolves this vulnerability automatically resets the flood protection after the “Network Job Timeout” has expired or 90 seconds if the “Network Job Timeout” is disabled.'