Lexmark Warns of RCE Bug Affecting 100 Printer Models, PoC Released

Lexmark has released a security firmware update to address a serious vulnerability that could allow Remote Code Execution (RCE) on more than 100 printer models.

The security issue is tracked as CVE-2023-23560 and according to the company it has a severity rating of 9.0. This is Server-Side Request Forgery (SSRF) in the Web Services feature of Lexmark devices.

No evidence of exploitation

The vendor’s advisory indicates that the bug could be exploited to obtain arbitrary code execution on the device, which could have a wider impact in an organization.

Lexmark says the vulnerability is not being actively exploited at this time. However, a proof-of-concept (PoC) exploit code has been released, which users should take as a strong recommendation to apply the vendor patch.

“Lexmark is not aware of any malicious use against Lexmark products of the vulnerability described in this advisory, but the proof-of-concept code has been publicly released” – Lexmark

The security consulting lists over 100 printer models as affected if they are running a vulnerable firmware version. Users are advised to check the firmware level and make sure it is an update that resolves the issue.

A full list of potentially affected devices, vulnerable firmware versions, and the updated version that resolves the issue is available on the Lexmark website. security consulting.

In the context of a print service, an SSRF vulnerability could allow attackers to access print jobs, allow them to obtain the credentials of the network to which the printer is connected, and potentially pivot to d other devices on the same segment.

CVE-2023-23560 affects a large number of Lexmark printers, so owners of Lexmark devices are recommended to review the advisory and confirm that they are running a secure firmware version released on or after January 18, 2022.

Firmware check

In general, all firmware versions numbered 081.233 and below are vulnerable regardless of their alphabetic coding, while fixed versions are numbered 0.81.234 and later.

To determine what firmware is running on your device, go to “Settings → Reports → Menu Setup Page” and check the version listed under the “Device Information” section.

To obtain a copy of the latest firmware for your printer model, visit the official Lexmark download portal.

For those unable to apply the security update, Lexmark suggests the workaround of disabling the Web Services feature on TCP port 65002, blocking the ability for attackers to exploit CVE-2023-23560.

To do this, go to “Settings → Network/Ports → TCP/IP → TCP/IP Port Access“, uncheck “TCP 65002 (WSD print service)”, and save the changes.

Printers are often overlooked when it comes to applying good security practices, and they are at risk for long periods of time.

Users should take appropriate measures, such as applying security updates in a timely manner, using strong administrator credentials, and disabling unused web services.


Source link