CVE-2024-11347
📋 TL;DR
An integer overflow vulnerability in Lexmark printer PostScript interpreters allows attackers to execute arbitrary code with unprivileged user permissions. This affects Lexmark CX, XC, CS series printers and potentially other models using vulnerable PostScript modules. Attackers could gain control of affected printers through malicious print jobs.
💻 Affected Systems
- Lexmark CX series
- Lexmark XC series
- Lexmark CS series
- Other Lexmark models with PostScript interpreter
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full remote code execution leading to printer compromise, lateral movement to connected networks, data exfiltration, or use as attack platform
Likely Case
Printer compromise allowing attacker to intercept print jobs, modify printer settings, or use printer for further attacks
If Mitigated
Limited impact if network segmentation isolates printers and print servers are properly secured
🎯 Exploit Status
Exploitation requires ability to send print jobs to vulnerable printer; no public exploit code known at this time
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Lexmark security advisory for specific firmware versions
Vendor Advisory: https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html
Restart Required: Yes
Instructions:
1. Visit Lexmark security advisory page 2. Identify affected printer models 3. Download latest firmware from Lexmark support 4. Apply firmware update via printer web interface or management tools 5. Verify update completed successfully
🔧 Temporary Workarounds
Disable PostScript printing
allTemporarily disable PostScript interpreter if not required for business needs
Configure printer settings to disable PostScript via web interface or management console
Network segmentation
allIsolate printers to separate VLAN with restricted access
Configure network switches to place printers in isolated VLAN
Set firewall rules to restrict printer access to authorized print servers only
🧯 If You Can't Patch
- Implement strict network access controls to limit who can send print jobs to vulnerable printers
- Monitor printer logs for unusual print job activity or failed PostScript processing
🔍 How to Verify
Check if Vulnerable:
Check printer firmware version via web interface (typically http://printer-ip) and compare against Lexmark advisoryCheck Version:
Check via printer web interface or use SNMP query: snmpget -v2c -c public printer-ip .1.3.6.1.2.1.25.6.3.1.2Verify Fix Applied:
Verify firmware version after update matches patched version in Lexmark advisory📡 Detection & Monitoring
Log Indicators:
- Failed PostScript job errors
- Unusual print job sources
- Printer firmware crash logs
Network Indicators:
- Unusual network traffic to printer ports (9100/tcp, 515/tcp, 631/tcp)
- Print jobs from unexpected sources
SIEM Query:
source="printer-logs" AND ("PostScript error" OR "firmware crash" OR "memory overflow")