CVE-2023-26068

Published: 10/04/2023 | Updated: 19/09/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).

Vulnerable Product

lexmark cxtpc_firmware

lexmark cstpc_firmware

lexmark mxtct_firmware

lexmark mxtpm_firmware

lexmark cxtmm_firmware

lexmark mslsg_firmware

lexmark mxlsg_firmware

lexmark mslbd_firmware

lexmark mxlbd_firmware

lexmark msngm_firmware

lexmark mxngm_firmware

lexmark mxtgm_firmware

lexmark msngw_firmware

lexmark mstgw_firmware

lexmark mxtgw_firmware

lexmark cslbn_firmware

lexmark cslbl_firmware

lexmark cxlbn_firmware

lexmark cxlbl_firmware

lexmark csnzj_firmware

lexmark cxtzj_firmware

lexmark cxnzj_firmware

lexmark cxtpp_firmware

lexmark cstat_firmware

lexmark cxtat_firmware

lexmark cstmh_firmware

Exploits

An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they would like to add an Admin user. If no Admin user is created, the endpoint /cgi-bin/fax ...