Join us for the exclusive 2024 Summer Product Launch, secure your spot today!   – Save your seat 🍿

TRY NOW
Vulnerability

Severe Vulnerability Threatens over 100 Lexmark Printer Models

2 min. read
27/01/2023
By Laura Libeer
Lexmark-Vulnerability-Blog_Image_Base_Featured

⚡ TL;DR | Go Straight to the Lexmark Vulnerability Report

Lexmark has released a security firmware update in response to a severe vulnerability that could lead to remote code execution on more than 100 models of their printers. Successful exploitation of the vulnerability could allow an attacker to remotely execute arbitrary code on a device. This would in turn compromise sensitive data or lead to data loss.

CVE-2023-23560

The vulnerability, tracked as CVE-2023-23560 has a CVSSv3 base score of 9.0. It is a Server-Side Request Forgery (SSRF) vulnerability in the Web Services feature of newer Lexmark devices. You can find a list of all affected models in Lexmark’s Security Advisory. An attacker could use the security issue to achieve arbitrary code execution on the device. At this moment there are no reports of the vulnerability being exploited in the wild. However, a PoC exploit code has been publicly published, so you are strongly advised to update any vulnerable printers in your IT environment.

Update Vulnerable Lexmark Printers

As mentioned above you can find a list of all affected printer models in Lexmark’s security advisory. They strongly urge you to update the firmware of any vulnerable devices. The vulnerability affects all firmware versions numbered 081.233 or lower. These should be updated to the fixed version 081.234 or later. You can find your device’s firmware level listed under “Device Information” in the “Settings” -> “Reports” -> “Menu Setting Page” menu in the operator panel.

Discover Vulnerable Devices

Based on the list of affected models shared by Lexmark, we have created a special Lansweeper report that will provide a list of all devices in your environment that could be affected by the vulnerability. This way you have an actionable list of devices that might require a patch.

NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.