Lexmark issued an announcement this week, stating that there are security vulnerabilities in a variety of printer models, including Lexmark MC3224, Lexmark B2338, Lexmark CX930 and Lexmark XC9335, some of which are marked as “critical”.
Image source Lexmark
Vulnerability information are as follows
CVE-2023-26063 – A vulnerability was discovered in the Postscript interpreter of several Lexmark printers.
CVE-2023-26064 – A vulnerability was discovered in the Postscript interpreter of several Lexmark printers.
CVE-2023-26065 – A vulnerability was discovered in the Postscript interpreter of several Lexmark printers.
CVE-2023-26066 – A vulnerability was discovered in the Postscript interpreter of several Lexmark printers.
CVE-2023-26067 – A proof-of-concept vulnerability for input could allow elevation of privilege on affected printers.
CVE-2023-26068 – In newer Lexmark printers, the embedded web server fails to properly sanitize incoming data, which could allow an attacker to remotely execute code on the printer.
CVE-2023-26069 – On newer Lexmark printers, an input validation vulnerability was discovered in the Web API.
Lexmark said there is currently no evidence that attackers have exploited the vulnerability to attack consumer printers. However, Lexmark recommends that users complete the upgrade as soon as possible. Users of Lexmark printers can go to https://support.lexmark.com/zh_cn/drivers-downloads.html to download.
