bleepingcomputer[.]com/news/security/lexmark-warns-of-rce-bug-affecting-100-printer-models-poc-released/
publications.lexmark[.]com/publications/security-alerts/CVE-2023-23560.pdf
Lexmark has released a security firmware update to fix a severe vulnerability that could enable remote code execution (RCE) on more than 100 printer models.The security issue is tracked as CVE-2023-23560 and, according to the company, it has a severity rating of 9.0. It is a server-side request forgery (SSRF) in the Web Services feature of Lexmark devices.
No evidence of exploitationThe vendor’s advisory says that the bug could be leveraged to gain arbitrary code execution on the device, which could have a wider impact in an organization.
Lexmark says that the vulnerability is not under active exploitation at this time. However, proof of concept (PoC) exploit code has been published, which users should view as a strong recommendation to apply the vendor's patch.
The security advisory lists more than 100 printer models as being impacted if they run a vulnerable firmware release. Users are advised to check the firmware level and make sure that it matches an update that addresses the issue.
A full list of potentially affected devices, the vulnerable firmware releases and the updated version fixing the problem is available in Lexmark's security advisory.