Lexmark SE Menu Vulnerability Allows Arbitrary Code Execution
CVE-2023-50737
9.1CRITICAL
Summary
A vulnerability in the SE menu routines of Lexmark devices allows an attacker to leverage this weakness to execute arbitrary code, posing a significant risk for unauthorized access and potential exploitation. This issue is notable as the SE menu contains sensitive information utilized for diagnosing device errors, making it a target for attacks aimed at compromising device functionality and security.
Affected Version(s)
various various
References
CVSS V3.1
Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Sina Kheirkhah of Summoning Team working with Trend Micro’s Zero Day Initiative (ZDI)