Critical RCE Lexmark Printer Bug Has Public Exploit

upnorth

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Content source
https://www.darkreading.com/cloud/critical-rce-lexmark-printer-bug-has-public-exploit
A critical security vulnerability allowing remote code execution (RCE) affects more than 120 different Lexmark printer models, the manufacturer warned this week.

And, there's proof of concept (PoC) exploit code circulating publicly, it added - though so far, in-the-wild attacks have yet to materialize. The bug ( CVE-2023-23560 ), which carries a score of 9 out of 10 on the CVSS vulnerability-severity scale, is a server-side request forgery (SSRF) vulnerability in the "Web Services feature of newer Lexmark devices," according to the print giant's advisory (PDF). The printers have an embedded Web server that allows users to view and remotely configure printer settings via an Internet portal. In a typical SSRF attack, an attacker can take over such a server and force it to make a connection either to internal resources housing sensitive information; or to external systems serving malware (or harvesting things like tokens and credentials).
Click to expand...
www.darkreading.com

Critical RCE Lexmark Printer Bug Has Public Exploit

A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers.
www.darkreading.com www.darkreading.com
 
  • Like
Reactions: harlan4096 and vtqhtr413
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Numerous Lexmark Printers affected by critical security issues
Replies
0
Views
629
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
[correlate]
    • Like
    • +Reputation
Millions of Exim mail servers exposed to zero-day RCE attacks
Replies
0
Views
1,344
News Archive
[correlate]
[correlate]
Gandalf_The_Grey
    • +Reputation
    • Like
Lexmark firmware update closes vulnerability and fixes Windows printer issue
Replies
0
Views
543
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top