PT-2023-1216 · Lexmark · Lexmark
Published: 2023-01-18 · Updated: 2025-05-21
CVE-2023-23560
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Lexmark products through 2023-01-12
Description
The issue stems from insufficient server-side validation of requests in the New Lexmark Devices web service of Lexmark printers, which can allow a remote attacker to execute arbitrary code. The vulnerability is also described as a Server-Side Request Forgery (SSRF) issue caused by a lack of input validation. It affects the web interface of certain Lexmark printer models and could allow an attacker to gain extended access to the network the printer sits on. It is unclear whether an attacker could access printed or scanned content.
Recommendations
For Lexmark products through 2023-01-12, consider disabling TCP 65002 (WSD Print Service) in the device settings as a temporary workaround to reduce the exposure until a fix is applied. Apply the vendor patch as soon as one is available. In addition, reviewing asset management practices for printers and other network devices, including regular vulnerability scanning and timely updates, helps reduce the risk of this class of issue.
Fix
RCE
SSRF
Command Injection
Related Identifiers
Affected Products
Lexmark