A now-patched Lexmark flaw could allow hackers to launch RCE

February 3, 2023

A severe vulnerability in Lexmark firmware could allow hackers to achieve remote code execution (RCE); the printer manufacturer immediately patched it. Tracked as CVE-2023-23560, the Lexmark flaw is rated 9.0 in criticality.

The flaw is described as a server-side request forgery (SSRF) in the Web Services feature of Lexmark devices. SSRF is an attack that enables hackers to access and modify the internal resources of the target.

The SSRF vulnerability in all printing devices could allow hackers to gain access, steal credentials to the printer’s connected network, and potentially take control of other devices connected to that network.

In an advisory, Lexmark explained that the flaw could be abused if left unpatched, exposing organisations to wide-ranging adverse consequences.

Proof-of-concept (PoC) exploit code has been published, giving users a reference for how critical the flaw is if left unpatched. The manufacturer confirmed that the vulnerability is not under active exploitation by any malicious entity; users must nonetheless take action immediately and apply the released firmware patches.

The company’s advisory also listed over 100 Lexmark printer models exposed to the flaw. Users must review the list, check whether their units are included, and apply the respective patch that addresses the flaw.

To determine which firmware is running on their Lexmark devices, users are instructed to go to settings, then inside “Report”, select “Menu Setting Page.” The device’s version details appear in that section.

Lexmark is aware that some users cannot apply the patches immediately. It therefore recommends a workaround: disabling the Web Services feature on TCP port 65002, which blocks a potential entry point for hackers to abuse the flaw.

To disable the TCP port 65002 Web Services feature, users must go to settings, then select “Network/Ports,” then select “TCP/IP,” leading them to “TCP/IP Port Access.” Users must untick “TCP 65002 (WSD Print Service)” in that section and then save changes to apply.
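
To confirm the workaround took effect across a printer fleet, an administrator can run a connect check against TCP 65002 from a management host. The script below is an added example, not part of Lexmark's advisory; the inventory names and addresses are constructed placeholders.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

WSD_PORT = 65002  # "TCP 65002 (WSD Print Service)" from the workaround


def check_port(host, port=WSD_PORT, timeout=2.0):
    """Classify host:port as 'open', 'closed' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # service still listening: workaround not applied
    except ConnectionRefusedError:
        return "closed"            # host answered, port is off
    except OSError:
        return "unreachable"       # timeout, filtered, or host down: recheck by hand


def audit(inventory, port=WSD_PORT, timeout=2.0):
    """inventory: iterable of (name, host). Returns {name: status}."""
    items = list(inventory)
    with ThreadPoolExecutor(max_workers=16) as pool:
        statuses = pool.map(lambda it: check_port(it[1], port, timeout), items)
        return {name: status for (name, _), status in zip(items, statuses)}


def needs_action(results):
    """Names of printers where the port still accepts connections."""
    return sorted(name for name, status in results.items() if status == "open")


if __name__ == "__main__":
    # Constructed inventory (documentation address range); replace with your own.
    inventory = [
        ("printer-floor1", "192.0.2.10"),
        ("printer-floor2", "192.0.2.11"),
    ]
    results = audit(inventory, timeout=1.0)
    for name, status in sorted(results.items()):
        print(f"{name}: tcp/{WSD_PORT} {status}")
    # An open port shows only that the workaround is absent; firmware level
    # must still be read from the Menu Setting Page.
    todo = needs_action(results)
    if todo:
        print("Port still open on:", ", ".join(todo))
```

A result of "unreachable" does not prove the port is disabled, since a firewall or a powered-off printer produces the same answer.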

Threat actors commonly abuse unpatched flaws in printing devices to covertly access unguarded networks. Numerous users are exposed to these potential threats, especially if they continue to neglect robust security defences on their devices.
