CVE-2020-35546

9.1 CRITICAL

📋 TL;DR

Lexmark MX6500 printers with firmware LW75.JD.P296 and earlier have incorrect access control settings that allow unauthorized users to bypass security restrictions. This affects organizations using these specific Lexmark printer models with vulnerable firmware versions.

💻 Affected Systems

Products:
  • Lexmark MX6500 series printers
Versions: Firmware LW75.JD.P296 and all previous versions
Operating Systems: Printer firmware only - not OS dependent
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the printer's embedded web interface and management functions. Requires network access to the printer's management interface.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attackers to access sensitive documents, modify printer settings, install malicious firmware, or use the printer as a network pivot point.

🟠 Likely Case

Unauthorized access to print jobs, configuration changes, and potential exposure of sensitive documents stored in printer memory.

🟢 If Mitigated

Limited impact if network segmentation and proper access controls prevent unauthorized network access to printer management interfaces.

🌐 Internet-Facing: HIGH if printer web interface is exposed to internet without proper authentication and firewall rules.
🏢 Internal Only: MEDIUM as internal attackers or compromised devices could exploit the vulnerability to access sensitive print jobs and printer functions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability involves incorrect access control, suggesting attackers could bypass authentication mechanisms without complex techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version LW75.JD.P297 or later

Vendor Advisory: https://publications.lexmark.com/publications/security-alerts/CVE-2020-35546.pdf

Restart Required: Yes

Instructions:

  1. Download latest firmware from Lexmark support site.
  2. Access printer web interface.
  3. Navigate to Settings > General Settings > Update Firmware.
  4. Upload and install the firmware file.
  5. Printer will automatically restart after installation.

🔧 Temporary Workarounds

Network Segmentation

Isolate printers on separate VLAN with strict firewall rules limiting access to authorized management stations only.

Disable Remote Management

Disable web interface access from network and use local console for configuration when possible.

🧯 If You Can't Patch

  • Implement strict network access controls to limit which devices can communicate with printer management interfaces
  • Enable and enforce strong authentication on printer web interface and monitor access logs for unauthorized attempts

🔍 How to Verify

Check if Vulnerable:

Access printer web interface, navigate to Settings > General Settings > About, check firmware version. If version is LW75.JD.P296 or earlier, device is vulnerable.

Check Version:

Not applicable - check via web interface or printer display panel under Settings > General Settings > About

Verify Fix Applied:

After firmware update, verify firmware version shows LW75.JD.P297 or later in the About section.
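
The version check above, applied to an exported printer inventory. This is an added example, not code from Lexmark or from the original page. It assumes the build number after `P` increases within the `LW75.JD` firmware line, as the "P296 or earlier" / "P297 or later" wording implies; the hostnames, the inventory and the `XX99.ZZ` family are constructed.

```python
import re

FIXED = "LW75.JD.P297"  # fixed release named on this page

# Assumed layout, inferred from the page's version strings: <family>.<model>.P<build>
_VERSION_RE = re.compile(r"^([A-Z0-9]+)\.([A-Z0-9]+)\.P(\d+)$")


def parse_firmware(version):
    """Return ((family, model), build) or None if the string does not parse."""
    m = _VERSION_RE.match(version.strip().upper())
    if not m:
        return None
    return (m.group(1), m.group(2)), int(m.group(3))


def classify(version, fixed=FIXED):
    """Classify one firmware string as 'vulnerable', 'fixed' or 'unknown'."""
    parsed = parse_firmware(version)
    if parsed is None:
        return "unknown"  # empty, truncated or unexpected format: check by hand
    line, build = parsed
    fixed_line, fixed_build = parse_firmware(fixed)
    if line != fixed_line:
        return "unknown"  # other firmware line: build numbers are not comparable
    # Compare builds as integers; as strings, "P1000" would sort before "P297".
    return "vulnerable" if build < fixed_build else "fixed"


def triage(inventory):
    """Map {host: firmware} to {status: [hosts]}, hosts in sorted order."""
    result = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        result[classify(version or "")].append(host)
    return result


# Constructed sample inventory, e.g. typed in from each printer's About page.
SAMPLE_INVENTORY = {
    "prn-floor1": "LW75.JD.P296",
    "prn-floor2": "LW75.JD.P297",
    "prn-floor3": "lw75.jd.p210 ",
    "prn-lobby": "XX99.ZZ.P500",  # made-up family, stands for another model line
    "prn-lab": None,              # version not yet collected
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Devices reported as `unknown` still need the manual check on the About page; the script does not treat an unparsed version as safe.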

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to printer web interface
  • Multiple failed authentication attempts followed by successful access
  • Configuration changes from unexpected IP addresses

Network Indicators:

  • Unusual traffic to printer management and print ports (typically 80 and 443 for the web interface, 9100 for raw printing)
  • Traffic patterns suggesting enumeration of printer interfaces

SIEM Query:

source_ip=* AND dest_ip=printer_ip AND (http_user_agent CONTAINS 'Mozilla' OR http_method IN ('POST','PUT')) AND http_status=200
