Lexmark warns of RCE bug affecting 100 printer models, PoC released
Lexmark has released a security firmware update to fix a severe vulnerability that could enable remote code execution on more than 100 printer models.
"Lexmark is not aware of any malicious use against Lexmark products of the vulnerability described in this advisory, but proof of concept code has been publicly published" - Lexmark.
The security advisory lists more than 100 printer models as being impacted if they run a vulnerable firmware release.
In the context of a printing service, an SSRF vulnerability could give attackers access to print jobs, let them obtain the credentials to the network the printer is connected to, and potentially let them pivot to other devices on the same segment.
CVE-2023-23560 impacts a large number of Lexmark printers, so owners of Lexmark devices are advised to check the advisory and confirm they're running a safe firmware version released on or after January 18, 2022.
To obtain a copy of the latest firmware version for your printer model, visit Lexmark's official download portal.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-23 | CVE-2023-23560 | Server-Side Request Forgery (SSRF) vulnerability in Lexmark products. In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. | 9.8 |