CVE-2023-26063
📋 TL;DR
This vulnerability in Lexmark devices allows attackers to access resources using incompatible types, potentially leading to remote code execution or device compromise. It affects certain Lexmark devices through February 19, 2023. Organizations using vulnerable Lexmark printers and multifunction devices are at risk.
💻 Affected Systems
- Lexmark printers
- Lexmark multifunction devices
📦 What is this software?
Lp Firmware by Lexmark
Lp Firmware by Lexmark
Lr Firmware by Lexmark
Lr Firmware by Lexmark
Lr Firmware by Lexmark
Lr Firmware by Lexmark
Lr Firmware by Lexmark
Lr Firmware by Lexmark
Lr Firmware by Lexmark
Lr Firmware by Lexmark
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with full device compromise, allowing attackers to install malware, steal data, or use the device as a foothold into the network.
Likely Case
Device compromise leading to denial of service, unauthorized access to print jobs, or credential theft from device memory.
If Mitigated
Limited impact with proper network segmentation and access controls, potentially only affecting print functionality.
🎯 Exploit Status
CVSS 9.8 indicates critical severity with network attack vector and no authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware updates released after 2023-02-19
Vendor Advisory: https://publications.lexmark.com/publications/security-alerts/CVE-2023-26063.pdf
Restart Required: Yes
Instructions:
1. Visit Lexmark support site. 2. Identify your device model. 3. Download latest firmware. 4. Apply firmware update following manufacturer instructions. 5. Reboot device.
🔧 Temporary Workarounds
Network Segmentation
allIsolate Lexmark devices on separate VLAN with restricted access
Access Control Lists
allImplement firewall rules to restrict device access to authorized IPs only
🧯 If You Can't Patch
- Disable all unnecessary network services on devices
- Implement strict network segmentation and monitor for anomalous traffic
🔍 How to Verify
Check if Vulnerable:
Check device firmware version date; if before 2023-02-19, likely vulnerableCheck Version:
Check device web interface or printed configuration page for firmware versionVerify Fix Applied:
Confirm firmware version date is after 2023-02-19 and matches latest available version📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts
- Unexpected firmware modification logs
- Abnormal network traffic from printer IPs
Network Indicators:
- Unexpected outbound connections from printers
- Port scanning originating from printer IPs
- Anomalous protocol usage on printer ports
SIEM Query:
source_ip IN (printer_ips) AND (event_type="authentication_failure" OR protocol_anomaly=true)