Firmware Downgrade Override Vulnerability in Lexmark Products
CVE-2023-50738

4.3MEDIUM

Key Information:

Vendor: Lexmark
Status: Printer Firmware
Vendor: CVE Published:; 17 January 2025

What is CVE-2023-50738?

A vulnerability has been discovered in specific Lexmark products that allows attackers to bypass newly implemented firmware downgrade protection features. This flaw could enable malicious actors to exploit older firmware versions, potentially compromising device security and integrity. Keeping systems updated is crucial to mitigate these risks.

Affected Version(s)

Printer Firmware 0 <= 230.041

Printer Firmware 230.075 <= 230.086

Printer Firmware 230.100 <= 230.104

References

https://www.lexmark.com/en_us/solutions/security/lexmark-...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 17, 2025
Vulnerability Reserved
Dec 11, 2023