# Critical RCE Lexmark Printer Bug Has Public Exploit
Source URL:     https://www.darkreading.com/cloud/critical-rce-lexmark-printer-bug-has-public-exploit
Date:           20230127T1802

A critical security vulnerability allowing remote code execution (RCE)
affects more than 120 different Lexmark printer models, the manufacturer
warned this week.

And, there's proof of concept (PoC) exploit code circulating publicly,
it added — though so far, in-the-wild attacks have yet to materialize.

The bug (CVE-2023-23560), which carries a score of 9 out of 10 on the CVSS vulnerability-severity scale, is a server-side request forgery (SSRF) vulnerability in the "Web Services feature of newer Lexmark devices," according to the print giant's [advisory][1] (PDF).

The printers have an embedded Web server that allows users to view and
remotely configure printer settings via an Internet portal. In a typical
SSRF attack, an attacker can take over such a server and force it to
make a connection either to internal resources housing sensitive
information; or to external systems serving malware (or harvesting
things like tokens and credentials).

[Enterprise printers][2] are a stealth entryway for threat actors into
enterprise environments — but are often overlooked by IT security.
However, as the community saw with the now-infamous ["PrintNightmare"
RCE flaw][3] in Microsoft's Windows Print Spooler that sent security
teams scrambling, they often have privileged access to internal
resources, and that can be problematic.

Lexmark has issued a firmware patch and noted that disabling Web
Services on TCP port 65002 altogether will also do the trick for
protection.

Keep up with the latest cybersecurity threats, newly-discovered
vulnerabilities, data breach information, and emerging trends. Delivered
daily or weekly right to your email inbox.

[Subscribe][4]

  [1]: https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf
  [2]: https://www.darkreading.com/edge-slideshows/7-ways-to-lock-down-enterprise-printers-
  [3]: https://www.darkreading.com/endpoint/microsoft-issues-new-cve-for-printnightmare-flaw
  [4]: https://darkreading.tradepub.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_defa3135&ch=dr_eoa (Subscribe)

You are viewing proxied material from tilde.team. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.