Following the disclosure of a proof-of-concept (PoC) attack allowing remote code execution (RCE), Lexmark advised its customers to update the firmware on their printers.
The vulnerability in question, tracked as CVE-2023-23560, gives attackers access to additional networked devices, print job queues, and Wi-Fi network credentials.
According to Dark Reading, modern printers carry an embedded Web server that allows users to view and remotely configure printer settings via an Internet portal. In a typical server-side request forgery (SSRF) attack, an attacker can take over such a server and force it to make a connection either to internal resources housing sensitive information or to external systems serving malware or harvesting things like tokens and credentials.
As per the publication’s latest report, enterprise printers are a stealthy entryway for threat actors into enterprise environments, but are often overlooked by IT security. However, as the community saw with the now-infamous “PrintNightmare” RCE flaw in Microsoft’s Windows Print Spooler that sent security teams scrambling, printers often have privileged access to internal resources, which is a problem.
Although Lexmark doesn’t think the attack is being widely utilised, it warns that more than 100 printer types using pre-patch firmware are vulnerable to compromise.
Firmware Versions For Lexmark
According to BleepingComputer, all firmware versions with a version number of 081.233 or lower are susceptible to RCE attacks, whereas those with a version number of 081.234 or higher have been repaired. Versions of firmware issued on or after January 18, 2022, are regarded as secure.
Users of Lexmark devices can open the “Device Information” section on the “Menu Setting Page” of the “Reports” part of their device settings to find their currently installed firmware version.
As always, users can download updated firmware for impacted printers from Lexmark’s driver download portal, which can then be installed by USB or network protocols like the File Transfer Protocol (FTP), depending on whether their PC is running Windows or Linux.
People who, for whatever reason, are unable to install the firmware update are urged to disable the web services capability, which will eliminate the exploit but reduce the device’s ability to connect to the internet.
Users should go to the “Network/Ports” section of the settings menu, choose “TCP/IP,” then “TCP/IP Port Access,” and finally disable “TCP 65002 (WSD Print Service)” to accomplish this.
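The version check and the port workaround described above can be combined into one inventory audit. The following is an added example, not code from Lexmark or the original article; it assumes firmware strings end in an NNN.NNN build number, and the hostnames and the "XXXXX." prefix are constructed placeholders.

```python
import re
import socket

PATCHED = (81, 234)   # first fixed build named in the article: 081.234
WSD_PORT = 65002      # "TCP 65002 (WSD Print Service)" from the article

def parse_build(firmware):
    """Return (major, minor) from a string ending in NNN.NNN, else None."""
    m = re.search(r"(\d{3})\.(\d{3})\s*$", firmware or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def port_open(host, port=WSD_PORT, timeout=2.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:   # refused, timed out, unreachable, DNS failure
        return False

def audit(inventory, probe=port_open):
    """Classify each (host, firmware) pair from your own asset inventory."""
    report = {}
    for host, firmware in inventory:
        build = parse_build(firmware)
        if build is not None and build >= PATCHED:
            report[host] = "patched"
        elif probe(host):
            # Old or unreadable firmware and the service still answers.
            report[host] = "update-or-disable-port"
        elif build is None:
            report[host] = "check-version-manually"
        else:
            report[host] = "port-closed-update-pending"
    return report

# Constructed sample data: hostnames and the "XXXXX." model prefix are
# placeholders, not real Lexmark identifiers.
SAMPLE = [
    ("printer-a.example", "XXXXX.081.233"),
    ("printer-b.example", "XXXXX.081.234"),
    ("printer-c.example", "XXXXX.076.310"),
    ("printer-d.example", "not reported"),
]

if __name__ == "__main__":
    # Offline demo: a stub stands in for the network probe.
    reachable = {"printer-a.example", "printer-d.example"}
    for host, status in audit(SAMPLE, probe=lambda h: h in reachable).items():
        print(f"{host:20} {status}")
```

Called without the `probe` argument, `audit` performs a real TCP connection test against each listed host, so feed it only printers you administer.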
All internet-connected devices, including printers, phones, refrigerators, and other appliances, should be constantly updated to prevent threats to network security and user identities.
To lessen the likelihood that attackers may employ RCE exploits to break into a network, businesses and consumers should use unique, randomly generated passwords stored in a password manager across all devices. Additionally, they could print without a wireless printer entirely.