"Critical Vulnerability Impacts Over 120 Lexmark Printers"

Printer and imaging products manufacturer Lexmark recently published a security advisory to warn users of a critical vulnerability impacting over 120 printer models. The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices. The company noted that successful exploitation of this vulnerability can allow an attacker to remotely execute arbitrary code on a device. The manufacturer lists roughly 125 device models that are impacted by the security defect, including B, C, CS, CX, M, MB, MC, MS, MX, XC, and XM series printers. The company recently announced firmware updates that resolve the vulnerability on all impacted devices and encourages users to find update instructions on its support website. Additionally, Lexmark says that exploitation of CVE-2023-23560 can be blocked by disabling the Web Services feature on the vulnerable printers (TCP port 65002). The company stated that it is currently unaware of any malicious attacks targeting the vulnerability but warned that proof-of-concept (PoC) code exploiting it had been made public. Given that it is not unusual for threat actors to target unpatched printers and other Internet of Things (IoT) devices, users are advised to apply the available patches as soon as possible.

 

SecurityWeek reports: "Critical Vulnerability Impacts Over 120 Lexmark Printers"
