Lexmark warns of RCE bug affecting 100 printer models, PoC released


Lexmark has released a security firmware update to fix a severe vulnerability that could enable remote code execution (RCE) on more than 100 printer models.

The security issue is tracked as CVE-2023-23560 and, according to the company, it has a severity rating of 9.0. It is a server-side request forgery (SSRF) in the Web Services feature of Lexmark devices.

No evidence of exploitation

The vendor’s advisory says that the bug could be leveraged to gain arbitrary code execution on the device, which could have a wider impact in an organization.

Lexmark says that the vulnerability is not under active exploitation at this time. However, proof of concept (PoC) exploit code has been published, which users should view as a strong recommendation to apply the vendor’s patch.

“Lexmark is not aware of any malicious use against Lexmark products of the vulnerability described in this advisory, but proof of concept code has been publicly published” – Lexmark

The security advisory lists more than 100 printer models as being impacted if they run a vulnerable firmware release. Users are advised to check the firmware level and make sure that it matches an update that addresses the issue.

A full list of potentially affected devices, the vulnerable firmware releases and the updated version fixing the problem is available in Lexmark’s security advisory. 

In the context of a printing service, an SSRF vulnerability could give attackers to access print jobs, let them obtain the credentials to the network the printer is connected to, and potentially pivot to other devices on the same segment.

CVE-2023-23560 impacts a large number of Lexmark printers, so owners of Lexmark devices are recommended to check the advisory and confirm they’re running a safe firmware version released on or after January 18, 2022.

Firmware check

In general, all firmware versions numbered 081.233 and below are vulnerable regardless of their letter coding, while fixed versions are numbered 0.81.234 and later.

To determine what firmware runs on your device, navigate to “Settings → Reports → Menu Setting Page” and check the version listed under the “Device Information” section.

To obtain a copy of the latest firmware version for your printer model, visit Lexmark’s official download portal.

For those who cannot apply the security update, Lexmark suggests the workaround of disabling the Web Services feature on TCP port 65002, blocking the ability for attackers to exploit CVE-2023-23560.

To do that, head to “Settings → Network/Ports → TCP/IP → TCP/IP Port Access,” uncheck “TCP 65002 (WSD Print Service),” and save the changes.

Printer devices are often neglected when it comes to applying good security practices, and they are left exposed to risks for extensive periods.

Users should take appropriate measures like applying security updates in a timely fashion, using strong administrator credentials, and disabling unused web-facing services.



Source link