Critical vulnerability in Lexmark printers (March 2023)

There is a critical security vulnerability in the firmware of various Lexmark printers. This is according to a security advisory issued by Lexmark on March 10, 2023. Hundreds of printer models are affected, including Lexmark MC3224, Lexmark B2338, Lexmark CX930 and Lexmark XC9335.



I became aware of this security issue via various reports in media such as the following tweet from ghacks.net. There are critical vulnerabilities in the firmware of various Lexmark printers, which the manufacturer documents in security advisories.


One of the vulnerabilities is considered critical, as it can lead to remote code execution on a device if successfully exploited. Hundreds of printers, including Lexmark MC3224, Lexmark B2338, Lexmark CX930 and Lexmark XC9335, are affected. ghacks.net has summarized the following list of CVEs with links to the respective Lexmark pages in this article.

  • CVE-2023-26063 — A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.
  • CVE-2023-26064 — A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.
  • CVE-2023-26065 — A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.
  • CVE-2023-26066 — A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.
  • CVE-2023-26067 — This input validation vulnerability allows an attacker who has already compromised an affected Lexmark device to escalate privileges.
  • CVE-2023-26068 — The embedded web server in newer Lexmark devices fails to properly sanitize input data, which can lead to remote code execution on the device.
  • CVE-2023-26069 — An input validation vulnerability has been identified in the web API of newer Lexmark devices.

Firmware updates are available for the affected devices. General information about the firmware update is available on this support page. Lexmark states that there is no known exploit in the wild so far.

