A critical security vulnerability allowing remote code execution (RCE) affects more than 120 different Lexmark printer models, the manufacturer warned this week.
And there is proof-of-concept (PoC) exploit code circulating publicly, it added, though so far, in-the-wild attacks have yet to materialize.
The bug (CVE-2023-23560), which carries a score of 9 out of 10 on the CVSS vulnerability-severity scale, is a server-side request forgery (SSRF) vulnerability in the “Web Services feature of newer Lexmark devices,” according to the print giant’s advisory (PDF).
The printers have an embedded web server that allows users to view and remotely configure printer settings through a web portal. In a typical SSRF attack, an attacker can take over such a server and force it to make a connection either to internal resources housing sensitive information, or to external systems serving malware (or harvesting things like tokens and credentials).
Enterprise printers are a stealth entryway for threat actors into enterprise environments, but they are often overlooked by IT security. However, as the community saw with the now-infamous “PrintNightmare” RCE flaw in Microsoft’s Windows Print Spooler that sent security teams scrambling, they often have privileged access to internal resources, and that can be problematic.
Lexmark has issued a firmware patch and noted that disabling Web Services on TCP port 65002 altogether will also do the trick for protection.
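To confirm that the port-65002 workaround (or the firmware update that closes it) has actually taken effect across a printer fleet, a defender can check from the network whether the Web Services port still accepts TCP connections. The following script is an added example written for this article, not Lexmark’s own tooling; the printer hostnames are assumed placeholders, and the local listener exists only so the check can be exercised offline.

```python
"""Check whether Lexmark Web Services (TCP 65002) is still reachable on listed printers."""
from __future__ import annotations

import socket
import threading
from typing import Iterable

# Port named in the Lexmark advisory for the Web Services feature.
LEXMARK_WEB_SERVICES_PORT = 65002


def port_reachable(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout.

    DNS failures, refusals and timeouts all surface as OSError and count as unreachable.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def unmitigated_printers(hosts: Iterable[str], port: int = LEXMARK_WEB_SERVICES_PORT) -> list[str]:
    """Return the hosts that still accept connections on the Web Services port."""
    return [host for host in hosts if port_reachable(host, port)]


def start_local_listener() -> int:
    """Start a throwaway TCP listener on 127.0.0.1 standing in for an unmitigated printer.

    Returns the bound port so the check can be exercised without real hardware.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:
                break

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def closed_local_port() -> int:
    """Return a loopback port that nothing is listening on (bound briefly, then released)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        probe.bind(("127.0.0.1", 0))
        return probe.getsockname()[1]


if __name__ == "__main__":
    # Placeholder inventory; replace with the real printer hostnames or addresses.
    inventory = ["printer-01.example.invalid", "printer-02.example.invalid"]
    print("Web Services still reachable on:", unmitigated_printers(inventory))
```

Any host the script lists still exposes the port and needs the firmware update or the workaround applied.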