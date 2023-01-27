Printer maker Lexmark has released a firmware update to address a vulnerability, tracked as CVE-2023-23560, that affects more than 100 of its printer models. Technically, the flaw is a server-side request forgery (SSRF) in the devices' Web Services feature, and it could be exploited by a remote attacker to achieve arbitrary code execution and take control of the device.

“A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices. This vulnerability could be exploited by an attacker to achieve arbitrary code execution on the device,” reads the advisory published by the manufacturer. Compromising a printer is an extremely dangerous event for companies and organizations, because an attacker can use the hacked device as an entry point into their infrastructure. Once a printer has been compromised, the attacker has access to the documents sent to it, potentially leaking sensitive information, or, worse still, can recover the credentials the device holds for the network it is connected to. From that moment on, the attacker is free to move laterally within the network and try to compromise as many of the systems hosted there as possible.

In this specific case I stress the importance of updating the printers to the latest firmware supplied by Lexmark: although no attacks exploiting the flaw are known to date, proof-of-concept (PoC) exploit code capable of exploiting it is publicly available.

“Lexmark is not aware of any attacks against its products that exploit the vulnerability described in this advisory, but is aware that proof of concept code is publicly available,” the advisory continues.

The list of vulnerable devices is long: according to the alert, more than 100 printer models are affected by this vulnerability, and in many cases they are printers commonly found in our companies. To determine whether your device is running a vulnerable firmware version, select the menu item “Settings”->”Reports”->”Menu Settings Page” from the operator panel. If the firmware level listed under “Device Information” matches any level in the “Affected Versions” list in the notice, upgrade to an available “Fixed Version”.

I strongly recommend that owners of Lexmark printers download the latest firmware for their printer model from the Lexmark Support Center portal.

If, for whatever reason, you are unable to update the firmware of your printer, a temporary workaround is available: disable the feature in which the flaw resides.

“Disabling the Web-Services service on the printer (TCP port 65002) blocks the ability to exploit this vulnerability. The port can be blocked with the following procedure: “Settings”->”Network/Ports”-> “TCP/IP”-> “TCP/IP port access”, then uncheck “TCP 65002 (WSD Print Service)” and save,” the manufacturer suggests. Because this port carries the WSD print service, check that no clients depend on printing through it before disabling it across the fleet, and afterwards verify from the network that the port no longer accepts connections. Printer security is crucial in the workplace, precisely because an attack on these devices can be the starting point of an offensive against the entire organization.
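Verifying the workaround from the network side, as an added example (this is not Lexmark's code and not part of the advisory): the script below probes TCP port 65002, the Web Services / WSD Print Service port named in the advisory, on a list of printer addresses and reports each one as still exposed or blocked. The host list, the `EXPOSED`/`BLOCKED` labels and the `selftest()` helper, which uses a loopback listener as a stand-in for a printer so the example runs offline, are assumptions of this example.

```python
"""Check whether the Lexmark Web Services port (TCP 65002) is still reachable.

Added example, not Lexmark's code.  The advisory's workaround for
CVE-2023-23560 is to disable "TCP 65002 (WSD Print Service)" on the printer;
this script confirms from the network that the port no longer accepts
connections, which is the condition an attacker would need to reach the
vulnerable service.
"""
import socket
import sys
from typing import Dict, Iterable

WSD_PORT = 65002  # Lexmark Web Services port named in the advisory


def port_open(host: str, port: int = WSD_PORT, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Connection refused, filtered/timed out, or name resolution failure:
        # in all cases the service is not reachable from here.
        return False


def check_fleet(hosts: Iterable[str], port: int = WSD_PORT,
                timeout: float = 2.0) -> Dict[str, str]:
    """Map each printer address to 'EXPOSED' (port accepts connections)
    or 'BLOCKED' (labels are this example's own convention)."""
    return {h: ("EXPOSED" if port_open(h, port, timeout) else "BLOCKED")
            for h in hosts}


def selftest() -> Dict[str, str]:
    """Offline demonstration: a loopback listener stands in for a printer.

    A TCP handshake completes against the kernel's listen backlog even if
    nobody calls accept(), so a bare listening socket is enough to emulate
    a device with the port enabled; closing it emulates the operator
    unchecking the port in the TCP/IP port access menu.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    before = check_fleet(["127.0.0.1"], port=port, timeout=1.0)["127.0.0.1"]
    listener.close()  # workaround applied: nothing listens any more
    after = check_fleet(["127.0.0.1"], port=port, timeout=1.0)["127.0.0.1"]
    return {"before_workaround": before, "after_workaround": after}


if __name__ == "__main__":
    # Usage: python check_wsd_port.py 10.0.0.21 10.0.0.22 printer3.example
    # (addresses are placeholders; with no arguments the offline selftest runs)
    targets = sys.argv[1:]
    report = check_fleet(targets) if targets else selftest()
    for name, state in report.items():
        print(f"{name}: {state}")
```

Run it against the printer addresses in your inventory after applying the workaround; any host still reported as `EXPOSED` has not had the port disabled (or the change was not saved) and remains reachable by an attacker on the same network.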

In the past, many attacks targeting printers have been demonstrated; not surprisingly, the main international hacking contests always include a section dedicated to hacking these devices. In March 2022, three critical flaws were discovered in several HP printer models, including HP LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format and DeskJet models.

Even then, the flaws could be exploited to disclose sensitive information, compromise the devices, and cause a denial of service (DoS) that takes the printer out of service. It is therefore essential to keep these devices updated and to protect them adequately, for example by disabling the features we do not use.