CVE-2024-11345

7.3 HIGH

📋 TL;DR

A heap-based memory vulnerability in the PostScript interpreter of Lexmark devices allows attackers to execute arbitrary code by sending specially crafted PostScript files. This affects various Lexmark printer and multifunction devices that process PostScript files. Attackers could potentially gain control of affected devices.

💻 Affected Systems

Products:
  • Various Lexmark printers and multifunction devices
Versions: Specific versions not detailed in CVE; check Lexmark advisory for affected models/versions
Operating Systems: Embedded printer firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with the PostScript interpreter enabled. Lexmark will provide specific model/version details in their security advisory.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device compromise, allowing an attacker to install persistent malware, exfiltrate data, pivot to internal networks, or use the device as part of a botnet.

🟠 Likely Case

Device crash/reboot causing service disruption, or limited code execution allowing an attacker to modify device settings or access scanned documents.

🟢 If Mitigated

Denial of service from a device crash if the exploit fails, or no impact if PostScript processing is disabled.

🌐 Internet-Facing: MEDIUM - Devices exposed to the internet could be targeted directly, but exploitation requires delivery of a PostScript file.
🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit via network shares or email attachments containing malicious PostScript files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires the attacker to deliver a malicious PostScript file to the device. May require user interaction or network access to printer services.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Lexmark advisory for specific firmware versions

Vendor Advisory: https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html

Restart Required: Yes

Instructions:

  1. Visit the Lexmark security advisory page.
  2. Identify affected models.
  3. Download the latest firmware for your device.
  4. Apply the firmware update via the device web interface or management tools.
  5. Verify the update completed successfully.

🔧 Temporary Workarounds

Disable PostScript processing

all

If PostScript functionality is not required, disable it to prevent exploitation.

Access device web interface > Settings > Print Features > Disable Postscript

Network segmentation

all

Isolate printers on a separate VLAN with restricted access to prevent unauthorized file delivery.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can send files to printers
  • Monitor for suspicious PostScript file submissions to printer queues

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version against the Lexmark advisory. Devices with vulnerable firmware versions are affected.

Check Version:

Access device web interface > Settings > About/Status to view firmware version

Verify Fix Applied:

Verify the firmware version has been updated to the patched version specified in the Lexmark advisory.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed PostScript processing attempts
  • Device crash/reboot logs
  • Unusual file submissions to printer queues

Network Indicators:

  • Unusual network traffic to printer ports (9100, 515, 631)
  • PostScript files from unexpected sources

SIEM Query:

source="printer_logs" AND (event="postscript_error" OR event="device_reboot")
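
The network indicators above can be turned into a triage pass over flow records. This is an added example, not part of the original page or any Lexmark tooling. The allowlisted print-server subnet, the record layout and the sample flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: only these subnets (print servers) should submit jobs to printers.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/28")]
# Printer ports named in the network indicators above.
PRINT_PORTS = {9100: "raw", 515: "LPD", 631: "IPP"}
# PostScript documents begin with "%!PS"; PJL-wrapped jobs select the language.
PS_MARKERS = (b"%!PS", b"ENTER LANGUAGE=POSTSCRIPT", b"ENTER LANGUAGE = POSTSCRIPT")

# Constructed records: (source IP, printer IP, destination port, first payload bytes).
SAMPLE_FLOWS = [
    ("10.20.0.5", "10.30.1.10", 9100, b"\x1b%-12345X@PJL ENTER LANGUAGE=POSTSCRIPT\r\n%!PS-Adobe-3.0\n"),
    ("10.40.7.23", "10.30.1.10", 9100, b"%!PS-Adobe-3.0\n%%Title: constructed sample\n"),
    ("10.40.7.23", "10.30.1.11", 515, b"\x02lp\n"),
    ("10.40.9.2", "10.30.1.10", 443, b"\x16\x03\x01"),
]

def is_postscript(payload: bytes) -> bool:
    """True if the first bytes of a job look like PostScript (bare or PJL-wrapped)."""
    head = payload[:512].upper()
    return any(marker in head for marker in PS_MARKERS)

def triage(flows, allowed=ALLOWED_SOURCES):
    """Return a finding for each print-port flow whose source is not allowlisted."""
    findings = []
    for src, dst, port, payload in flows:
        if port not in PRINT_PORTS:
            continue
        if any(ipaddress.ip_address(src) in net for net in allowed):
            continue  # expected path: print server to printer
        reason = ("postscript-from-unexpected-source" if is_postscript(payload)
                  else "unexpected-source-on-print-port")
        findings.append({"src": src, "dst": dst, "port": port,
                         "service": PRINT_PORTS[port], "reason": reason})
    return findings

def repeat_sources(findings, threshold=2):
    """Sources with at least `threshold` findings, for escalation."""
    counts = Counter(f["src"] for f in findings)
    return sorted(src for src, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for finding in triage(SAMPLE_FLOWS):
        print(finding)
    print("repeat sources:", repeat_sources(triage(SAMPLE_FLOWS)))
```

Findings from this pass are leads for correlation with the log indicators (processing errors, reboots) on the same printer, not proof of exploitation.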
