The company has issued a security advisory in regards to the CVE-2023-23560 vulnerability, advising to update firmware on about 100 different printer models.
The vulnerability is described as a Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices. This vulnerability can be leveraged by an attacker to gain arbitrary code execution on the device.
Affected models are listed in Lexmark’s Security advisory notice.
Lexmark is advising users to download latest firmware versions from its website to fix the vulnerability but also offers a workaround as follows:
Disabling the Web-Services service on the printer (TCP port 65002) blocks the ability to exploit this vulnerability. The port can be blocked by following process: “Settings”->”Network/Ports”- > “TCP/IP”- > “TCP/IP Port Access” then uncheck “TCP 65002 ( WSD Print Service )” and save.
