XXE Vulnerability in Lexmark Devices Prior to Firmware Update
CVE-2023-40239

7.5HIGH

Key Information:

Vendor: Lexmark
Status: C2132 Firmware
Vendor: CVE Published:; 1 September 2023

Summary

Certain Lexmark devices, including the CS310, are susceptible to XML External Entity (XXE) attacks which may lead to unauthorized information disclosure. This vulnerability can be exploited by an attacker who sends specially crafted XML content, potentially exposing sensitive data. Users are advised to upgrade to firmware version LW80.*.P246 or later to address this issue effectively.

References

https://publications.lexmark.com/publications/security-al...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 1, 2023
Vulnerability Reserved
Aug 11, 2023