Search criteria
4 vulnerabilities found for Printer Firmware by Lexmark
CVE-2023-50739 (GCVE-0-2023-50739)
Vulnerability from cvelistv5 – Published: 2025-01-17 23:47 – Updated: 2025-01-22 14:23
VLAI
Title
A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices.
Summary
A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lexmark | Printer Firmware |
Affected:
0 , ≤ 230.209
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:22:31.707775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T14:23:31.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Printer Firmware",
"vendor": "Lexmark",
"versions": [
{
"lessThanOrEqual": "230.209",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A\u0026nbsp;buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark\u0026nbsp;devices. The vulnerability can be leveraged by an attacker to execute arbitrary code."
}
],
"value": "A\u00a0buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark\u00a0devices. The vulnerability can be leveraged by an attacker to execute arbitrary code."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary code on a device."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T23:47:13.923Z",
"orgId": "7bc73191-a2b6-4c63-9918-753964601853",
"shortName": "Lexmark"
},
"references": [
{
"url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7bc73191-a2b6-4c63-9918-753964601853",
"assignerShortName": "Lexmark",
"cveId": "CVE-2023-50739",
"datePublished": "2025-01-17T23:47:13.923Z",
"dateReserved": "2023-12-11T20:00:38.337Z",
"dateUpdated": "2025-01-22T14:23:31.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50738 (GCVE-0-2023-50738)
Vulnerability from cvelistv5 – Published: 2025-01-17 21:10 – Updated: 2025-01-17 22:02
VLAI
Title
A firmware downgrade prevention vulnerability has been identified in newer Lexmark devices.
Summary
A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to
override this downgrade protection has been identified.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lexmark | Printer Firmware |
Affected:
0 , ≤ 230.041
(custom)
Affected: 230.075 , ≤ 230.086 (custom) Affected: 230.100 , ≤ 230.104 (custom) Affected: 230.200 , ≤ 230.209 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T22:02:51.732818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T22:02:59.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Printer Firmware",
"vendor": "Lexmark",
"versions": [
{
"lessThanOrEqual": "230.041",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "230.086",
"status": "affected",
"version": "230.075",
"versionType": "custom"
},
{
"lessThanOrEqual": "230.104",
"status": "affected",
"version": "230.100",
"versionType": "custom"
},
{
"lessThanOrEqual": "230.209",
"status": "affected",
"version": "230.200",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A\u0026nbsp;new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to \noverride this downgrade protection has been identified."
}
],
"value": "A\u00a0new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to \noverride this downgrade protection has been identified."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Identifiers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1328",
"description": "CWE-1328 Security Version Number Mutable to Older Versions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T21:27:34.693Z",
"orgId": "7bc73191-a2b6-4c63-9918-753964601853",
"shortName": "Lexmark"
},
"references": [
{
"url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A firmware downgrade prevention vulnerability has been identified in newer Lexmark devices.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7bc73191-a2b6-4c63-9918-753964601853",
"assignerShortName": "Lexmark",
"cveId": "CVE-2023-50738",
"datePublished": "2025-01-17T21:10:44.220Z",
"dateReserved": "2023-12-11T20:00:38.337Z",
"dateUpdated": "2025-01-17T22:02:59.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50739 (GCVE-0-2023-50739)
Vulnerability from nvd – Published: 2025-01-17 23:47 – Updated: 2025-01-22 14:23
VLAI
Title
A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices.
Summary
A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lexmark | Printer Firmware |
Affected:
0 , ≤ 230.209
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:22:31.707775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T14:23:31.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Printer Firmware",
"vendor": "Lexmark",
"versions": [
{
"lessThanOrEqual": "230.209",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A\u0026nbsp;buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark\u0026nbsp;devices. The vulnerability can be leveraged by an attacker to execute arbitrary code."
}
],
"value": "A\u00a0buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark\u00a0devices. The vulnerability can be leveraged by an attacker to execute arbitrary code."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary code on a device."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T23:47:13.923Z",
"orgId": "7bc73191-a2b6-4c63-9918-753964601853",
"shortName": "Lexmark"
},
"references": [
{
"url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7bc73191-a2b6-4c63-9918-753964601853",
"assignerShortName": "Lexmark",
"cveId": "CVE-2023-50739",
"datePublished": "2025-01-17T23:47:13.923Z",
"dateReserved": "2023-12-11T20:00:38.337Z",
"dateUpdated": "2025-01-22T14:23:31.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50738 (GCVE-0-2023-50738)
Vulnerability from nvd – Published: 2025-01-17 21:10 – Updated: 2025-01-17 22:02
VLAI
Title
A firmware downgrade prevention vulnerability has been identified in newer Lexmark devices.
Summary
A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to
override this downgrade protection has been identified.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lexmark | Printer Firmware |
Affected:
0 , ≤ 230.041
(custom)
Affected: 230.075 , ≤ 230.086 (custom) Affected: 230.100 , ≤ 230.104 (custom) Affected: 230.200 , ≤ 230.209 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T22:02:51.732818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T22:02:59.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Printer Firmware",
"vendor": "Lexmark",
"versions": [
{
"lessThanOrEqual": "230.041",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "230.086",
"status": "affected",
"version": "230.075",
"versionType": "custom"
},
{
"lessThanOrEqual": "230.104",
"status": "affected",
"version": "230.100",
"versionType": "custom"
},
{
"lessThanOrEqual": "230.209",
"status": "affected",
"version": "230.200",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A\u0026nbsp;new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to \noverride this downgrade protection has been identified."
}
],
"value": "A\u00a0new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to \noverride this downgrade protection has been identified."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Identifiers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1328",
"description": "CWE-1328 Security Version Number Mutable to Older Versions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T21:27:34.693Z",
"orgId": "7bc73191-a2b6-4c63-9918-753964601853",
"shortName": "Lexmark"
},
"references": [
{
"url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A firmware downgrade prevention vulnerability has been identified in newer Lexmark devices.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7bc73191-a2b6-4c63-9918-753964601853",
"assignerShortName": "Lexmark",
"cveId": "CVE-2023-50738",
"datePublished": "2025-01-17T21:10:44.220Z",
"dateReserved": "2023-12-11T20:00:38.337Z",
"dateUpdated": "2025-01-17T22:02:59.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}