PT-2023-27344 · Lexmark · Lexmark

Published: 2023-09-01 · Updated: 2023-09-12 · CVE-2023-40239

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Lexmark devices, versions prior to LW80.*.P246

Description

The issue allows XML External Entity (XXE) attacks, leading to information disclosure. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include XXE attacks.

Recommendations

For Lexmark devices running versions prior to LW80.*.P246, update the firmware to LW80.*.P246 or higher to remediate the vulnerability. As a temporary workaround, consider restricting access to vulnerable components until a patch is available. Avoid using vulnerable functions or parameters in the affected devices until the issue is resolved.

Fix

XXE

Weakness Enumeration

Related Identifiers: CVE-2023-40239

Affected Products: Lexmark