CVE-2023-22960

Published: 23/01/2023 | Updated: 06/02/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.

Vulnerable Product

lexmark b2236_firmware

lexmark b2338_firmware

lexmark b2442_firmware

lexmark b2546_firmware

lexmark b2650_firmware

lexmark b2865_firmware

lexmark b3340_firmware

lexmark b3442_firmware

lexmark c2240_firmware

lexmark c2325_firmware

lexmark c2326_firmware

lexmark c2425_firmware

lexmark c2535_firmware

lexmark c3224_firmware

lexmark c3326_firmware

lexmark c3426_firmware

lexmark c4150_firmware

lexmark c6160_firmware

lexmark c9235_firmware

lexmark cs331_firmware

lexmark cs421_firmware

lexmark cs431_firmware

lexmark cs439_firmware

lexmark cs521_firmware

lexmark cs622_firmware

lexmark cs720_firmware

lexmark cs725_firmware

lexmark cs727_firmware

lexmark cs728_firmware

lexmark cs820_firmware

lexmark cs827_firmware

lexmark cs921_firmware

lexmark cs923_firmware

lexmark cs927_firmware

lexmark cx331_firmware

lexmark cx421_firmware

lexmark cx431_firmware

lexmark cx522_firmware

lexmark cx622_firmware

lexmark cx625_firmware

lexmark cx725_firmware

lexmark cx727_firmware

lexmark cx820_firmware

lexmark cx825_firmware

lexmark cx860_firmware

lexmark cx920_firmware

lexmark cx921_firmware

lexmark cx922_firmware

lexmark cx923_firmware

lexmark cx924_firmware

lexmark cx944_firmware

lexmark m1242_firmware

lexmark m1246_firmware

lexmark m1342_firmware

lexmark m3250_firmware

lexmark m5255_firmware

lexmark m5270_firmware

lexmark mb2236_firmware

lexmark mb2338_firmware

lexmark mb2442_firmware

lexmark mb2546_firmware

lexmark mb2650_firmware

lexmark mb2770_firmware

lexmark mb3442_firmware

lexmark mc2325_firmware

lexmark mc2425_firmware

lexmark mc2535_firmware

lexmark mc2640_firmware

lexmark mc3224_firmware

lexmark mc3326_firmware

lexmark mc3426_firmware

lexmark ms321_firmware

lexmark ms331_firmware

lexmark ms421_firmware

lexmark ms431_firmware

lexmark ms521_firmware

lexmark ms621_firmware

lexmark ms622_firmware

lexmark ms725_firmware

lexmark ms821_firmware

lexmark ms822_firmware

lexmark ms823_firmware

lexmark ms825_firmware

lexmark ms826_firmware

lexmark mx321_firmware

lexmark mx331_firmware

lexmark mx421_firmware

lexmark mx431_firmware

lexmark mx432_firmware

lexmark mx521_firmware

lexmark mx522_firmware

lexmark mx622_firmware

lexmark mx721_firmware

lexmark mx722_firmware

lexmark mx822_firmware

lexmark mx826_firmware

lexmark mx931_firmware

lexmark xc2235_firmware

lexmark xc2326_firmware

lexmark xc4140_firmware

lexmark xc4143_firmware

lexmark xc4150_firmware

lexmark xc4153_firmware

lexmark xc4240_firmware

lexmark xc4342_firmware

lexmark xc4352_firmware

lexmark xc6152_firmware

lexmark xc6153_firmware

lexmark xc8155_firmware

lexmark xc8160_firmware

lexmark xc8163_firmware

lexmark xc9225_firmware

lexmark xc9235_firmware

lexmark xc9245_firmware

lexmark xc9255_firmware

lexmark xc9265_firmware

lexmark xc9335_firmware

lexmark xc9445_firmware

lexmark xc9455_firmware

lexmark xc9465_firmware

lexmark xm1242_firmware

lexmark xm1246_firmware

lexmark xm1342_firmware

lexmark xm3142_firmware

lexmark xm3250_firmware

lexmark xm5365_firmware

lexmark xm7355_firmware

lexmark xm7370_firmware

Github Repositories

This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server (interface) of more than 60 Lexmark printer models. This issue affects both username-password and PIN authentication.

PoC for CVE-2023-22960. Details: PoC for CVE-2023-22960 that I discovered. This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server interface of all Lexmark printer models that have a firmware version released before 01/2023. This issue affects both username-password and PIN authentication. Official security ad

PoC for CVE-2023-22960. Details: This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server (interface) of more than 60 Lexmark printer models. This issue affects both username-password and PIN authentication. Official security advisory -> publicationslexmarkcom/publications/security-alerts/CVE-2

Connect with me / Support: Hi, I'm t3l3machus, Penetration Tester & Cybersec Researcher from Athens, Greece 🇬🇷, currently living in Poland 🇵🇱. If you like the tools I make please show some love by following me, subscribing on YT, throwing a star here and there or just give respect on HackTheBox. Projects: