Lexmark security bug leaves thousands of its printers open to attack

By Scott Marlette Last updated Jan 27, 2023

Lexmark has urged its customers to update their printer’s firmware, following the publication of a proof-of-concept (PoC) exploit allowing remote code execution (RCE).

The exploit in question, designated CVE-2023-23560, can give attackers access to print job queues, reveal Wi-Fi network credentials, and allow access to other devices on a network.

Lexmark wrote in a security advisory (opens in new tab) that while it doesn’t believe the exploit is being widely used, more than 100 printer models are at risk of compromise while running pre-patch firmware.

Lexmark firmware versions

Per BleepingComputer (opens in new tab), firmware versions across all devices numbered 081.233 and below are vulnerable to RCE attacks, while fixed versions are numbered 081.234 or higher. Firmware versions released on or after January 18, 2022 are considered safe.

To retrieve their current firmware version, Lexmark users can navigate to the “Device Information” section located on the ‘Menu Setting Page’ of the ‘Reports’ section of their device settings.

New firmware for affected printers can, as ever, be obtained from Lexmark’s driver download portal (opens in new tab) and, depending on the operating system of a user’s PC such as Windows or Linux, be installed either via USB or via network methods such as the File Transfer Protocol (FTP).

Those who, for whatever reason, can’t apply the firmware update are advised to disable the web services feature, blocking the exploit albeit at the expense of the device’s internet-connected functionality.

To do this, users should navigate to the “Network/Ports” section of the settings menu, then the “TCP/IP” option, followed by the “TCP/IP Port Access” menu, before disabling “TCP 65002 (WSD Print Service)”.

Whether it’s a printer, a phone, a fridge, or anything else, devices capable of being connected to the internet can pose a risk to network security and the identities of users, and should be updated regularly.

Businesses and prosumers alike are advised to use separate, randomly generated passwords, stored in a password manager, across all their devices to decrease the chances of attackers using RCE exploits to invade a network. In addition, they could avoid a wireless printer altogether.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.