Lexmark security bug leaves thousands of its printers open to attack
>
Lexmark has urged its customers to use their printer‘s firmware, following the publication of a proof-of-concept (PoC) exploit that enables remote code execution (RCE).
The exploit in question, dubbed CVE-2023-23560, can allow attackers access to print queues, reveal Wi-Fi network credentials, and allow access to other devices on a network.
Lexmark wrote in a safety advice (opens in new tab) that while it does not believe the exploit is widely used, more than 100 printer models are at risk of being compromised while pre-patch firmware.
Lexmark firmware versions
Per Beeping computer (opens in new tab), firmware versions on all devices numbered 081.233 and lower are vulnerable to RCE attacks, while fixed versions are numbered 081.234 or higher. Firmware versions released on or after January 18, 2022 are considered safe.
To retrieve their current firmware version, Lexmark users can navigate to the “Device Information” section of the “Menu Settings” page of the “Reports” section of their device settings.
New firmware for affected printers can, as always, be obtained from Lexmark driver download portal (opens in new tab) and, depending on a user’s operating system PC such as Windows or Linuxbe installed via USB or via network methods such as the File transfer protocol (FTP).
Those who for some reason cannot apply the firmware update are advised to disable the web services function, which will block the exploit, albeit at the expense of the device’s internet-connected functionality.
To do this, users must navigate to the “Network/Ports” section of the setup menu, then to the “TCP/IP” option, followed by the “TCP/IP Port Access” menu, before selecting “TCP 65002 (WSD Print Service )”.
Whether it’s a printer, a phone, a refrigerator, or anything else, devices that can connect to the Internet can pose a risk to network security and identities of users, and must be updated regularly.
Both companies and prosumers are advised to use separately, at random generated passwordssaved in a password manager, on all their devices to reduce the chance of attackers using RCE exploits to break into a network. In addition, they can prevent a wireless printer all together.