Lexmark printer vulnerability lets hackers execute code, remotely play music
Take action: Imagine how you would feel if you got a call from users saying that "the printer is playing music". Now imagine the number and tone of the subsequent calls to explain how that happened. Or just patch the printer firmware.
Researchers have unveiled the proof-of-concept (PoC) code for a significant privilege escalation vulnerability tracked as CVE-2023-26067 (CVSS score of 8.0) present in Lexmark printers.
On devices lacking proper patches, this vulnerability could grant unauthorized access to attackers.
The vulnerability's root cause lies in flawed validation of user inputs within the system. To exploit this weakness, an attacker can craft a specific request directed at the printer. Once successfully exploited, the attacker gains elevated privileges on the device, potentially allowing execution of arbitrary code, extraction of credentials, or establishment of a reverse shell.
When a user powers on their Lexmark printer for the first time, an initial Setup Wizard appears on the display. This wizard guides the user through configuring various system settings, including language and administrative user setup. Opting to delay setup ("Set Up Later") grants "Guest" users unrestricted access via the printer's web interface. Conversely, selecting "Set up Now" restricts access until authentication.
Even if a user defers setup, they can later configure credentials via the web interface. However, such credentials don't limit the "Guest" account. Consequently, critical functions like access to the vulnerable endpoint "/cgi-bin/fax_change_faxtrace_settings" remain publicly accessible.
A search on Shodan for "Lexmark 3224" reveals printers with accessible online interfaces, many of which have exploitable configurations. The same configuration setup is mostly present in corporate networks using Lexmark printers.
The research unveiled various chaining possibilities for this vulnerability:
- Credential Dumping - Exploiting the weakness yields sensitive credentials, a potential initial step towards more damaging breaches. Don't forget that we all recycle passwords.
- Gaining Reverse Shell Access - Once in control, attackers construct reverse shells, extending their influence and network access.
- Unorthodox Use - This vulnerability surprisingly enables attackers to play music on affected devices.
The researchers published Proof-of-Concept (PoC) code illustrating malicious exploitation of CVE-2023-26067. While no publicly known or reported exploits have been detected, releasing the PoC is a blueprint for a lot of crime groups.
Lexmark has issued firmware upgrades to rectify the issue. Users of Lexmark printers should update to the latest version available on the Lexmark website.
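While firmware updates are being rolled out, requests to the endpoint named above can be watched for in network HTTP logs. The following is an added example, not code from the researchers or Lexmark; the log format, the admin subnet and the sample lines are constructed assumptions.

```python
import ipaddress
import posixpath
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Endpoint the article names as reachable by the unauthenticated "Guest" account.
ENDPOINT = "/cgi-bin/fax_change_faxtrace_settings"
# Assumption: subnet(s) from which printer administration is expected.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample; assumed format: <time> <src_ip> <printer_ip> <method> <url> <status>
SAMPLE_LOG = """\
2023-08-21T09:14:02Z 10.20.0.15 10.30.1.40 GET /cgi-bin/fax_change_faxtrace_settings 200
2023-08-21T09:15:40Z 10.40.7.88 10.30.1.40 POST /cgi-bin/fax_change_faxtrace_settings 200
2023-08-21T09:15:41Z 10.40.7.88 10.30.1.40 POST /CGI-BIN/fax_change_faxtrace_settings?x=1 200
2023-08-21T09:16:03Z 10.40.7.88 10.30.1.41 POST /cgi-bin/./fax_change_faxtrace_settings 401
2023-08-21T09:17:00Z 10.40.7.88 10.30.1.41 GET / 200
malformed line
"""

def normalize(url):
    """Drop the query string, percent-decode, collapse ./ segments, lower-case."""
    return posixpath.normpath(unquote(urlsplit(url).path)).lower()

def find_suspect_requests(log_text, admin_nets=ADMIN_NETS):
    """Map printer IP -> requests to ENDPOINT from outside the admin subnets."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # not in the assumed format
        ts, src, dst, method, url, status = parts
        if normalize(url) != ENDPOINT:
            continue
        try:
            src_ip, code = ipaddress.ip_address(src), int(status)
        except ValueError:
            continue  # unparsable address or status
        if any(src_ip in net for net in admin_nets):
            continue  # expected administrative source
        hits[dst].append((ts, src, method, code))
    return dict(hits)

if __name__ == "__main__":
    for printer, reqs in find_suspect_requests(SAMPLE_LOG).items():
        for ts, src, method, code in reqs:
            print(f"{ts} printer={printer} src={src} {method} -> {code}")
```

Path matching is deliberately broad (decoded and case-folded) so that variants of the path are not missed; set `ADMIN_NETS` to your own management range.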