CVE-2023-40239

Q: What is the severity of CVE-2023-40239?

CVE-2023-40239 has a CVSS score of 7.5 (HIGH). This vulnerability in certain Lexmark devices allows XML External Entity (XXE) attacks, which can lead to information disclosure by reading files from the device's filesystem. It affects Lexmark devices like the CS310 series running firmware versions before LW80.*.P246. Organizations using these vulnerable printer/MFP devices are at risk.

7.5 HIGH

XXE

📋 TL;DR

This vulnerability in certain Lexmark devices allows XML External Entity (XXE) attacks, which can lead to information disclosure by reading files from the device's filesystem. It affects Lexmark devices like the CS310 series running firmware versions before LW80.*.P246. Organizations using these vulnerable printer/MFP devices are at risk.

💻 Affected Systems

Products:

Lexmark CS310 series and other unspecified Lexmark devices

Versions: All firmware versions before LW80.*.P246

Operating Systems: Embedded printer firmware

Default Config Vulnerable: ⚠️ Yes

Notes: The '*' in the version indicates variation across product families, but all require firmware level P246 or higher for remediation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could read sensitive files from the device's filesystem, potentially obtaining configuration files, credentials, or other sensitive data stored on the device.

🟠

Likely Case

Information disclosure of device configuration files, potentially revealing network settings or other operational data.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, though the vulnerability still exists.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

XXE vulnerabilities typically have low exploitation complexity and can be exploited without authentication if the vulnerable endpoint is exposed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: LW80.*.P246 or higher

Vendor Advisory: https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdf

Restart Required: Yes

Instructions:

1. Identify affected Lexmark devices. 2. Download firmware version LW80.*.P246 or higher from Lexmark support portal. 3. Upload and install the firmware update via the device web interface. 4. Reboot the device after installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Lexmark devices on separate network segments with restricted access

Access Control Lists

all

Implement firewall rules to restrict access to device management interfaces

🧯 If You Can't Patch

Segment vulnerable devices on isolated network segments with strict access controls
Disable unnecessary services and interfaces on affected devices

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface at http://[device-ip]/settings

Check Version:

curl -s http://[device-ip]/settings | grep -i firmware

Verify Fix Applied:

Verify firmware version shows LW80.*.P246 or higher in device settings

📡 Detection & Monitoring

Log Indicators:

Unusual XML parsing errors in device logs
Multiple failed XML processing attempts

Network Indicators:

Unusual XML payloads sent to device management interfaces
External entity references in XML requests

SIEM Query:

source="lexmark-device" AND (message="XML" OR message="XXE" OR message="external entity")

📊 Metadata

CVE ID: CVE-2023-40239

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-611

Published: September 1, 2023

Last Updated: November 21, 2024

🔗 References

https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdf Vendor Advisory
https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdf Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

C2132 Firmware by Lexmark

Cs310 Firmware by Lexmark

Cs317 Firmware by Lexmark

Cs410 Firmware by Lexmark

Cs417 Firmware by Lexmark

Cs510 Firmware by Lexmark

Cs517 Firmware by Lexmark

Cx310 Firmware by Lexmark

Cx317 Firmware by Lexmark

Cx410 Firmware by Lexmark

Cx417 Firmware by Lexmark

Cx510 Firmware by Lexmark

Cx517 Firmware by Lexmark

M1140\+ Firmware by Lexmark

M1140\+ Firmware by Lexmark

M1145 Firmware by Lexmark

M3150de Firmware by Lexmark

M3150dn Firmware by Lexmark

M5155 Firmware by Lexmark

M5163de Firmware by Lexmark

M5163dn Firmware by Lexmark

M5170 Firmware by Lexmark

Ms310 Firmware by Lexmark

Ms312 Firmware by Lexmark

Ms315 Firmware by Lexmark

Ms317 Firmware by Lexmark

Ms410 Firmware by Lexmark

Ms415 Firmware by Lexmark

Ms417 Firmware by Lexmark

Ms510 Firmware by Lexmark

Ms517 Firmware by Lexmark

Ms610de Firmware by Lexmark

Ms610dn Firmware by Lexmark

Ms617 Firmware by Lexmark

Ms710 Firmware by Lexmark

Ms711 Firmware by Lexmark

Ms810de Firmware by Lexmark

Ms810dn Firmware by Lexmark

Ms811 Firmware by Lexmark

Ms812de Firmware by Lexmark

Ms812dn Firmware by Lexmark

Ms817 Firmware by Lexmark

Ms818 Firmware by Lexmark

Ms911 Firmware by Lexmark

Mx310 Firmware by Lexmark

Mx317 Firmware by Lexmark

Mx410 Firmware by Lexmark

Mx417 Firmware by Lexmark

Mx510 Firmware by Lexmark

Mx511 Firmware by Lexmark

Mx517 Firmware by Lexmark

Mx610 Firmware by Lexmark

Mx611 Firmware by Lexmark

Mx617 Firmware by Lexmark

Mx710 Firmware by Lexmark

Mx711 Firmware by Lexmark

Mx717 Firmware by Lexmark

Mx718 Firmware by Lexmark

Mx810 Firmware by Lexmark

Mx811 Firmware by Lexmark

Mx812 Firmware by Lexmark

Mx910 Firmware by Lexmark

Mx911 Firmware by Lexmark

Mx912 Firmware by Lexmark

Xc2130 Firmware by Lexmark

Xc2132 Firmware by Lexmark

Xm1135 Firmware by Lexmark

Xm1140 Firmware by Lexmark

Xm1145 Firmware by Lexmark

Xm3150 Firmware by Lexmark

Xm5163 Firmware by Lexmark

Xm5170 Firmware by Lexmark

Xm5263 Firmware by Lexmark

Xm5270 Firmware by Lexmark

Xm7155 Firmware by Lexmark

Xm7163 Firmware by Lexmark

Xm7170 Firmware by Lexmark