{"id":7555,"date":"2018-11-02T00:39:00","date_gmt":"2018-11-01T23:39:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=7555"},"modified":"2018-10-31T22:54:38","modified_gmt":"2018-10-31T21:54:38","slug":"security-firmware-update-for-lexmark-all-in-one-devices","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/11\/02\/security-firmware-update-for-lexmark-all-in-one-devices\/","title":{"rendered":"Security: Vulnerability in Lexmark All-in-one devices"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" height=\"47\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/?p=211178\" target=\"_blank\" rel=\"noopener\">German<\/a>]Lexmark has discovered a vulnerability in the color fax function of its all-in-one devices. Lexmark published a security advisory about this vulnerability. Currently it's unclear whether Lexmark provides firmware updates to mitigate the vulnerability in its devices.<\/p>\n<p><!--more--><\/p>\n<p>I stumbled upon this information on <a href=\"https:\/\/www.heise.de\/security\/meldung\/Sicherheitsupdates-Multifunktionsgeraete-von-Lexmark-anfaellig-fuer-boese-Faxe-4206719.html\" target=\"_blank\" rel=\"noopener\">German magazine heise.de<\/a>, although the vulnerabilities have been known since August. The <a href=\"http:\/\/support.lexmark.com\/index?page=content&amp;id=TE892&amp;modifiedDate=08%2F24%2F18&amp;actp=LIST_RECENT&amp;userlocale=EN_US&amp;locale=en\" target=\"_blank\" rel=\"noopener\">Lexmark Security Advisory: Lexmark Buffer Overflow Vulnerability<\/a> described a vulnerability in the color fax function of its all-in-one devices as early as August 24, 2018. 
Lexmark has identified a buffer overflow vulnerability in some models that process color fax jobs.<\/p>\n<ul>\n<li>CVE-2018-1551919: This critical vulnerability allows an attacker to use a crafted fax message to attack a Lexmark all-in-one device. The vulnerability allows a remote attacker to execute arbitrary code on the device.<\/li>\n<li>CVE-2018-15520: This high-severity vulnerability allows an attacker to crash a Lexmark all-in-one device with a crafted fax message, creating a denial-of-service condition. Other effects on the fax function may also be possible.<\/li>\n<\/ul>\n<p>Both vulnerabilities persist until the received fax data is deleted from the machine (the Lexmark Support Center should be able to provide instructions on how to delete a fax message for that machine).<\/p>\n<p>Meanwhile, Lexmark has posted a list of affected devices on <a href=\"http:\/\/support.lexmark.com\/index?page=content&amp;id=TE892&amp;modifiedDate=08%2F24%2F18&amp;actp=LIST_RECENT&amp;userlocale=EN_US&amp;locale=en\" target=\"_blank\" rel=\"noopener\">this website<\/a>. Whether a firmware update is available for a device should be answered by Lexmark support (I received feedback from a reader that no firmware updates are available). A workaround is to disable the Enable 'Color Fax Receive' feature on the affected devices.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Lexmark has discovered a vulnerability in the color fax function of its all-in-one devices. Lexmark published a security advisory about this vulnerability. 
Currently it's unclear whether Lexmark provides firmware updates to mitigate the vulnerability in its devices.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[448,580],"tags":[171,415,69],"class_list":["post-7555","post","type-post","status-publish","format-standard","hentry","category-devices","category-security","tag-firmware-update","tag-printer","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/7555","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=7555"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/7555\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=7555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=7555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=7555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}