CVE-2023-23560 flaw exposes 100 Lexmark printer models to hack

From securityaffairs.com

Lexmark has released a security firmware update to address a remote code execution vulnerability, tracked as CVE-2023-23560, that impacts more than 100 printer models.

The CVE-2023-23560 flaw is a server-side request forgery (SSRF) in the Web Services feature of Lexmark printers, it received a CVSS score 9.0.

“A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices. This vulnerability can be leveraged by an attacker to gain arbitrary code execution on the device.” reads the advisory published by the company.

Read more…