Vulnerabilities related to Lexmark - Printer Firmware
CVE-2023-50739 (GCVE-0-2023-50739)
Vulnerability from cvelistv5
Published
2025-01-17 23:47
Modified
2025-01-22 14:23
Severity: 8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
References
- https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html
Impacted products
Vendor | Product | Version
---|---|---
Lexmark | Printer Firmware | Affected: 0 through 230.209 (inclusive)

Default status for versions outside the listed range: unaffected.
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-50739", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T14:22:31.707775Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-22T14:23:31.226Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Printer Firmware", "vendor": "Lexmark", "versions": [ { "lessThanOrEqual": "230.209", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A\u0026nbsp;buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark\u0026nbsp;devices. The vulnerability can be leveraged by an attacker to execute arbitrary code." } ], "value": "A\u00a0buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark\u00a0devices. The vulnerability can be leveraged by an attacker to execute arbitrary code." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary code on a device." 
} ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-17T23:47:13.923Z", "orgId": "7bc73191-a2b6-4c63-9918-753964601853", "shortName": "Lexmark" }, "references": [ { "url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices.", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7bc73191-a2b6-4c63-9918-753964601853", "assignerShortName": "Lexmark", "cveId": "CVE-2023-50739", "datePublished": "2025-01-17T23:47:13.923Z", "dateReserved": "2023-12-11T20:00:38.337Z", "dateUpdated": "2025-01-22T14:23:31.226Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-50738 (GCVE-0-2023-50738)
Vulnerability from cvelistv5
Published
2025-01-17 21:10
Modified
2025-01-17 22:02
Severity: 4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
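CWE
- CWE-354 - Improper Validation of Integrity Check Value
- CWE-1328 - Security Version Number Mutable to Older Versions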
Summary
A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified.
References
- https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html
Impacted products
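Vendor | Product | Version
---|---|---
Lexmark | Printer Firmware | Affected: 0 through 230.041 (inclusive)
Lexmark | Printer Firmware | Affected: 230.075 through 230.086 (inclusive)
Lexmark | Printer Firmware | Affected: 230.100 through 230.104 (inclusive)
Lexmark | Printer Firmware | Affected: 230.200 through 230.209 (inclusive)

Default status for versions outside the listed ranges: unaffected.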
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-50738", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-17T22:02:51.732818Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-17T22:02:59.237Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Printer Firmware", "vendor": "Lexmark", "versions": [ { "lessThanOrEqual": "230.041", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "230.086", "status": "affected", "version": "230.075", "versionType": "custom" }, { "lessThanOrEqual": "230.104", "status": "affected", "version": "230.100", "versionType": "custom" }, { "lessThanOrEqual": "230.209", "status": "affected", "version": "230.200", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A\u0026nbsp;new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to \noverride this downgrade protection has been identified." } ], "value": "A\u00a0new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to \noverride this downgrade protection has been identified." 
} ], "impacts": [ { "capecId": "CAPEC-21", "descriptions": [ { "lang": "en", "value": "CAPEC-21 Exploitation of Trusted Identifiers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-354", "description": "CWE-354 Improper Validation of Integrity Check Value", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-1328", "description": "CWE-1328 Security Version Number Mutable to Older Versions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-17T21:27:34.693Z", "orgId": "7bc73191-a2b6-4c63-9918-753964601853", "shortName": "Lexmark" }, "references": [ { "url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "A firmware downgrade prevention vulnerability has been identified in newer Lexmark devices.", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7bc73191-a2b6-4c63-9918-753964601853", "assignerShortName": "Lexmark", "cveId": "CVE-2023-50738", "datePublished": "2025-01-17T21:10:44.220Z", "dateReserved": "2023-12-11T20:00:38.337Z", "dateUpdated": "2025-01-17T22:02:59.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }