H3-2022-0096
Lexmark Printer Command Injection Vulnerability
| Category | VULNERABILITY |
| Base Score | 9.8 |
Description
Lexmark printers expose a vulnerable web page that allows attackers to inject arbitrary commands by sending a crafted web request. This is a 0-day vulnerability that the Horizon3 Attack Team has disclosed to Lexmark, and a fix is being prepared for a future Lexmark firmware update.
Impact
Attackers can inject arbitrary commands and take over the device, carrying out actions such as dumping local and service credentials and accessing printed documents.