Security
Headlines
HeadlinesLatestCVEs

Headline

Critical RCE Lexmark Printer Bug Has Public Exploit

A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers.

DARKReading
#vulnerability#web#windows#microsoft#rce#ssrf#pdf

A critical security vulnerability allowing remote code execution (RCE) affects more than 120 different Lexmark printer models, the manufacturer warned this week.

And, there’s proof of concept (PoC) exploit code circulating publicly, it added — though so far, in-the-wild attacks have yet to materialize.

The bug (CVE-2023-23560), which carries a score of 9 out of 10 on the CVSS vulnerability-severity scale, is a server-side request forgery (SSRF) vulnerability in the “Web Services feature of newer Lexmark devices,” according to the print giant’s advisory (PDF).

The printers have an embedded Web server that allows users to view and remotely configure printer settings via an Internet portal. In a typical SSRF attack, an attacker can take over such a server and force it to make a connection either to internal resources housing sensitive information; or to external systems serving malware (or harvesting things like tokens and credentials).

Enterprise printers are a stealth entryway for threat actors into enterprise environments — but are often overlooked by IT security. However, as the community saw with the now-infamous “PrintNightmare” RCE flaw in Microsoft’s Windows Print Spooler that sent security teams scrambling, they often have privileged access to internal resources, and that can be problematic.

Lexmark has issued a firmware patch and noted that disabling Web Services on TCP port 65002 altogether will also do the trick for protection.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Related news

Researcher drops Lexmark RCE zero-day rather than sell vuln ‘for peanuts’

Printer exploit chain could be weaponized to fully compromise more than 100 models

CVE-2023-23560

In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.

DARKReading: Latest News

Apple Urgently Patches Actively Exploited Zero-Days