A significant security vulnerability has been identified in numerous Lexmark printer models, potentially allowing attackers to execute arbitrary code remotely. This flaw, designated as CVE-2023-23560, is a server-side request forgery (SSRF) vulnerability found in the Web Services feature of Lexmark devices. With a CVSS score of 9.0, this issue poses a substantial risk to organizations utilizing these printers.
Understanding the Vulnerability
The SSRF vulnerability in the Web Services feature can be exploited by attackers to gain unauthorized access and execute arbitrary code on affected devices. This could lead to unauthorized access to sensitive documents, compromise of network credentials, and potential lateral movement within the network. The vulnerability affects over 100 Lexmark printer models, including the B, C, CS, CX, M, MB, MC, MS, MX, XC, and XM series. Firmware versions numbered 081.233 and below are vulnerable, while versions 0.81.234 and later have addressed the issue.
Potential Impact
If exploited, this vulnerability could allow attackers to:
– Access and exfiltrate sensitive documents.
– Obtain network credentials, potentially leading to further network compromise.
– Use the compromised printer as a foothold to launch additional attacks within the organization.
Given the critical nature of this vulnerability, immediate action is required to mitigate potential risks.
Recommended Actions
Lexmark has released firmware updates to address this vulnerability. Users are strongly advised to:
1. Update Firmware: Download and install the latest firmware version for your specific printer model from Lexmark’s official support portal.
2. Disable Web Services Feature: As a temporary workaround, disable the Web Services feature on TCP port 65002 by navigating to Settings → Network/Ports → TCP/IP → TCP/IP Port Access, unchecking TCP 65002 (WSD Print Service), and saving the changes.
3. Monitor for Unusual Activity: Regularly review printer logs and network activity for any signs of unauthorized access or anomalies.
Conclusion
The discovery of CVE-2023-23560 underscores the importance of maintaining up-to-date firmware and implementing robust security measures for all network-connected devices, including printers. Organizations should prioritize applying the recommended firmware updates and consider disabling vulnerable features until patches are applied. Continuous monitoring and adherence to security best practices are essential to safeguard against potential exploits targeting such vulnerabilities.
