Security News > 2023 > January > Lexmark warns of RCE bug affecting 100 printer models, PoC released

Lexmark warns of RCE bug affecting 100 printer models, PoC released
2023-01-26 20:08

Lexmark has released a security firmware update to fix a severe vulnerability that could enable remote code execution on more than 100 printer models.

"Lexmark is not aware of any malicious use against Lexmark products of the vulnerability described in this advisory, but proof of concept code has been publicly published" - Lexmark.

The security advisory lists more than 100 printer models as being impacted if they run a vulnerable firmware release.

In the context of a printing service, an SSRF vulnerability could give attackers to access print jobs, let them obtain the credentials to the network the printer is connected to, and potentially pivot to other devices on the same segment.

CVE-2023-23560 impacts a large number of Lexmark printers, so owners of Lexmark devices are recommended to check the advisory and confirm they're running a safe firmware version released on or after January 18, 2022.

To obtain a copy of the latest firmware version for your printer model, visit Lexmark's official download portal.


News URL

https://www.bleepingcomputer.com/news/security/lexmark-warns-of-rce-bug-affecting-100-printer-models-poc-released/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-01-23 CVE-2023-23560 Server-Side Request Forgery (SSRF) vulnerability in Lexmark products
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.
network
low complexity
lexmark CWE-918
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Lexmark 431 1 13 18 23 55