A important safety vulnerability permitting distant code execution (RCE) impacts greater than 120 completely different Lexmark printer fashions, the producer warned this week.
And, there’s proof of idea (PoC) exploit code circulating publicly, it added — although to this point, in-the-wild assaults have but to materialize.
The bug (CVE-2023-23560), which carries a rating of 9 out of 10 on the CVSS vulnerability-severity scale, is a server-side request forgery (SSRF) vulnerability within the “Internet Providers characteristic of newer Lexmark gadgets,” in keeping with the print big’s advisory (PDF).
The printers have an embedded Internet Server that enables customers to view and remotely configure printer settings through an Web portal. In a typical SSRF assault, an attacker can take over such a server and drive it to make a connection both to inside assets housing delicate data; or to exterior techniques serving malware (or harvesting issues like tokens and credentials).
Enterprise printers are a stealth entryway for risk actors into enterprise environments — however are sometimes neglected by IT safety. Nevertheless, because the group noticed with the now-infamous “PrintNightmare” RCE flaw in Microsoft’s Home windows Print Spooler that despatched safety groups scrambling, they usually have privileged entry to inside assets, and that may be problematic.
Lexmark has issued a firmware patch and famous that disabling Internet Providers on TCP port 65002 altogether may also do the trick for cover.
