Vulnerability Details : CVE-2023-26068
Public exploit exists!
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).
Vulnerability category: Input validation
Products affected by CVE-2023-26068
- cpe:2.3:o:lexmark:cxtpc_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cstpc_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mxtct_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mxtpm_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cxtmm_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mslsg_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mxlsg_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mslbd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mxlbd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:msngm_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mxngm_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mxtgm_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:msngw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mstgw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mxtgw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cslbn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cslbl_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cxlbn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cxlbl_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:csnzj_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cxtzj_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cxnzj_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cxtpp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cstat_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cxtat_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cstmh_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-26068
19.32%
Probability of exploitation activity in the next 30 days
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2023-26068
- Lexmark Device Embedded Web Server RCE
  Disclosure Date: 2023-03-13
  First seen: 2023-10-08
  exploit/linux/http/lexmark_faxtrace_settings
  An unauthenticated Remote Code Execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they would l
CVSS scores for CVE-2023-26068
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2023-26068
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-26068
- http://packetstormsecurity.com/files/174763/Lexmark-Device-Embedded-Web-Server-Remote-Code-Execution.html
  Lexmark Device Embedded Web Server Remote Code Execution ≈ Packet Storm
- https://publications.lexmark.com/publications/security-alerts/CVE-2023-26068.pdf
  Vendor Advisory
- https://support.lexmark.com/alerts/
  Lexmark Security Advisories (Vendor Advisory)