PoC released for CVE-2023-26067 flaw in Lexmark Printers

Horizon3 security researchers have released proof-of-concept (PoC) code for a critical privilege escalation vulnerability (CVE-2023-26067) in Lexmark printers. This vulnerability has a CVSS score of 8.0 and could allow an attacker to gain elevated privileges on an unpatched device.

The vulnerability is caused by improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a specially-crafted request to the printer. Once exploited, the attacker could gain elevated privileges on the device, which could allow them to execute arbitrary code, dump credentials, or gain a reverse shell.

Horizon3 has delved deep into this flaw, uncovering ways in which it can be chained by creative and resourceful attackers. A blog post published on Friday by Horizon3 sheds light on the layered intricacy of this vulnerability. Here’s a glimpse into what potential attackers could achieve:

1. Dump Credentials: Attackers can exploit this flaw to gather sensitive credentials, an initial step that could lead to more comprehensive and devastating breaches.
2. Gain Reverse Shells: By taking control over a device, attackers can establish a reverse shell, further broadening the scope of their control and access within a network.
3. Play Music: Surprisingly, this flaw even allows attackers to play music on affected devices. While this may seem trivial, it emphasizes the level of control that could be gained through this vulnerability.

Horizon3 has gone a step further by publishing a Proof-of-Concept (PoC) code that demonstrates how to abuse the CVE-2023-26067 vulnerability. While there have been no public reports or attempts to exploit this in the wild, the publication of the PoC code is a double-edged sword.

On one hand, it’s a wake-up call to the industry and end-users, emphasizing the need for immediate action. On the other, it provides a roadmap that resourceful and motivated threat actors could quickly adopt or modify to launch their attacks.

Lexmark has released firmware updates to address this vulnerability. If you have a Lexmark printer, you should check the firmware version and update it to the latest version as soon as possible. You can find the firmware update for your printer on the Lexmark website.

This vulnerability is a serious threat to Lexmark printers. Resourceful and motivated threat actors will likely move quickly to exploit this vulnerability. It is important to update your firmware as soon as possible to protect your printers from attack.

In addition to updating your firmware, you can also take the following steps to protect your printers from attack:

• Use strong passwords for your printers.
• Enable authentication for the web interface of your printers.
• Keep your printers up to date with the latest security patches.
• Use a firewall to block unauthorized access to your printers.

By following these steps, you can help to protect your Lexmark printers from attack.