A critical security vulnerability allowing remote code execution (RCE) affects more than 120 different Lexmark printer models, the manufacturer warned this week. And there is proof-of-concept (PoC) exploit code circulating publicly, it added, though so far in-the-wild attacks have yet to materialize.
The bug (CVE-2023-23560), which carries a score of 9 out of 10 on the CVSS vulnerability-severity scale, is a server-side request forgery (SSRF) vulnerability in the “Web Services feature of newer Lexmark devices,” according to the print giant’s advisory (PDF). The printers have an embedded Web Server that allows users to view and remotely configure printer settings via an Internet portal.
In a typical SSRF attack, an attacker can coerce such a server into making connections on the attacker's behalf, either to internal resources housing sensitive information, or to external systems serving malware (or harvesting things like tokens and credentials).
Enterprise printers are a stealth entryway for threat actors into enterprise environments, but they are often overlooked by IT security. As the community saw with the now-infamous “PrintNightmare” RCE flaw in Microsoft’s Windows Print Spooler, which sent security teams scrambling, printers often have privileged access to internal resources, and that can be problematic.
Lexmark has issued a firmware patch and noted that disabling Web Services on TCP port 65002 altogether also protects affected devices.
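As an added defender-side example (not from the article or from Lexmark), the following Python script reviews constructed connection-log lines for the two conditions the article raises: the Web Services port 65002 on a printer reachable from outside an assumed administrative network, and a printer itself initiating connections to destinations outside an assumed allowlist, which is the observable footprint of an SSRF. The printer addresses, networks and log format are assumptions.

```python
import ipaddress

# Assumed inventory: printer addresses, the admin network allowed to reach the
# embedded web server, and the destinations printers legitimately talk to.
PRINTERS = {"10.20.5.11", "10.20.5.12"}
ADMIN_NETS = [ipaddress.ip_network("10.10.0.0/24")]
EGRESS_ALLOW = [ipaddress.ip_network("10.20.0.0/16")]
WEB_SERVICES_PORT = 65002  # Lexmark Web Services port named in the advisory

# Constructed flow records, one per line: "src_ip src_port dst_ip dst_port"
SAMPLE_FLOWS = """\
10.10.0.5 51234 10.20.5.11 65002
192.168.99.7 40001 10.20.5.11 65002
10.20.5.11 44000 10.20.3.2 9100
10.20.5.12 44001 203.0.113.50 443
10.20.5.11 44002 10.30.1.5 80
"""


def parse_flow(line):
    """Split one flow record into typed fields."""
    src, sport, dst, dport = line.split()
    return ipaddress.ip_address(src), int(sport), ipaddress.ip_address(dst), int(dport)


def in_any(addr, nets):
    return any(addr in net for net in nets)


def review_flows(lines):
    """Return (finding, record) pairs for flows that need attention."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        src, _, dst, dport = parse_flow(line)
        # Exposure: Web Services reachable on a printer from outside the admin network.
        if str(dst) in PRINTERS and dport == WEB_SERVICES_PORT and not in_any(src, ADMIN_NETS):
            findings.append(("exposed-web-services", line))
        # SSRF indicator: the printer itself opening a connection to a destination
        # outside the allowlist, whether internal or external.
        if str(src) in PRINTERS and not in_any(dst, EGRESS_ALLOW):
            findings.append(("unexpected-printer-egress", line))
    return findings


if __name__ == "__main__":
    for kind, record in review_flows(SAMPLE_FLOWS.splitlines()):
        print(f"{kind}: {record}")
```

On the sample, the admin-network access to port 65002 and the printer's connection to its print server pass, while the outside access to port 65002 and the two off-allowlist printer-originated connections are flagged.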