TheCyberThrone

Lexmark fixes RCE Vulnerabilities in its Printer Models

Lexmark has released a firmware update to address a remote code execution vulnerability, tracked as CVE-2023-23560 with a CVSS score of 9.0, that impacts more than 100 printer models.

The security bug is a server-side request forgery in the Web Services feature of Lexmark printers. This vulnerability can be leveraged by an attacker to gain arbitrary code execution on the device.

Threat actors can exploit a compromised printer to achieve an initial intrusion into the target network, after which the attacker can access the print spooler, exposing sensitive documents, or obtain the credentials to the network the device is connected to.

Lexmark is not aware of attacks in the wild exploiting the vulnerability, but because a PoC is available, it can't be excluded that threat actors will start to exploit this flaw.

Users are advised to download the latest firmware version for their printer model from Lexmark's Support Center portal.

The available workaround in case it is not possible to immediately update the firmware: