CVE-2023-26067 - OpenCVE

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lexmark	B2236 B2338 B2442 B2546 B2650 B2865 B3340 B3442 C2325 C2326 C2425 C2535 C3224 C3326 C3426 C4150 C6160 C923 Cs331 Cs421 Cs431 Cs439 Cs521 Cs720 Cs725 Cs727 Cs728 Cs820 Cs827 Cs921 Cs923 Cs927 Cs943 Cslbl Firmware Cslbn Firmware Csnzj Firmware Cstat Firmware Cstmh Firmware Cstpc Firmware Cx421 Cx431 Cx522 Cx622 Cx625 Cx725 Cx727 Cx730 Cx735 Cx820 Cx825 Cx827 Cx86 Cx920 Cx921 Cx922 Cx923 Cx924 Cx930 Cx931 Cx942 Cx943 Cx944 Cxlbl Firmware Cxlbn Firmware Cxnzj Firmware Cxtat Firmware Cxtmm Firmware Cxtpc Firmware Cxtpp Firmware Cxtzj Firmware M1242 M1246 M1342 M3250 M5255 M5270 Mb2236 Mb2338 Mb2442 Mb2546 Mb2650 Mb2770 Mb3442 Mc2325 Mc2425 Mc2535 Mc2640 Mc3224 Mc3326 Mc3426 Ms321 Ms331 Ms421 Ms431 Ms439 Ms521 Ms621 Ms622 Ms725 Ms821 Ms822 Ms823 Ms825 Ms826 Mslbd Firmware Mslsg Firmware Msngm Firmware Msngw Firmware Mstgw Firmware Mx321 Mx331 Mx421 Mx431 Mx432 Mx521 Mx522 Mx622 Mx721 Mx722 Mx725 Mx822 Mx826 Mx931 Mxlbd Firmware Mxlsg Firmware Mxngm Firmware Mxtct Firmware Mxtgm Firmware Mxtgw Firmware Mxtpm Firmware Xc2235 Xc2326 Xc4140 Xc4143 Xc4150 Xc4153 Xc4240 Xc4342 Xc4352 Xc6152 Xc6153 Xc8155 Xc8160 Xc8163 Xc9225 Xc9235 Xc9245 Xc9255 Xc9265 Xc9325 Xc9335 Xc9445 Xc9455 Xc9465 Xm1242 Xm1246 Xm1342 Xm3142 Xm3250 Xm5365 Xm5370 Xm7355 Xm7370

Configuration 1 [-]

AND

cpe:2.3:o:lexmark:cxtpc_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:cx930:-:::::::*
	cpe:2.3:h:lexmark:cx931:-:::::::*
	cpe:2.3:h:lexmark:cx942:-:::::::*
	cpe:2.3:h:lexmark:cx943:-:::::::*
	cpe:2.3:h:lexmark:cx944:-:::::::*
	cpe:2.3:h:lexmark:xc9325:-:::::::*
	cpe:2.3:h:lexmark:xc9335:-:::::::*
	cpe:2.3:h:lexmark:xc9445:-:::::::*
	cpe:2.3:h:lexmark:xc9455:-:::::::*
	cpe:2.3:h:lexmark:xc9465:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:lexmark:cstpc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cs943:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lexmark:mxtct_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:mx432:-:::::::*
	cpe:2.3:h:lexmark:xm3142:-:::::::*

Configuration 4 [-]

AND

cpe:2.3:o:lexmark:mxtpm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx931:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lexmark:cxtmm_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:cx730:-:::::::*
	cpe:2.3:h:lexmark:cx735:-:::::::*
	cpe:2.3:h:lexmark:xc4342:-:::::::*
	cpe:2.3:h:lexmark:xc4352:-:::::::*

Configuration 6 [-]

AND

cpe:2.3:o:lexmark:mslsg_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:b2236:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lexmark:mxlsg_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mb2236:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lexmark:mslbd_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:b3340:-:::::::*
	cpe:2.3:h:lexmark:b3442:-:::::::*
	cpe:2.3:h:lexmark:m1342:-:::::::*
	cpe:2.3:h:lexmark:ms331:-:::::::*
	cpe:2.3:h:lexmark:ms431:-:::::::*
	cpe:2.3:h:lexmark:ms439:-:::::::*

Configuration 9 [-]

AND

cpe:2.3:o:lexmark:mxlbd_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:mb3442:-:::::::*
	cpe:2.3:h:lexmark:mx331:-:::::::*
	cpe:2.3:h:lexmark:mx431:-:::::::*
	cpe:2.3:h:lexmark:xm1342:-:::::::*

Configuration 10 [-]

AND

cpe:2.3:o:lexmark:msngm_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:b2338:-:::::::*
	cpe:2.3:h:lexmark:b2442:-:::::::*
	cpe:2.3:h:lexmark:b2546:-:::::::*
	cpe:2.3:h:lexmark:b2650:-:::::::*
	cpe:2.3:h:lexmark:m1242:-:::::::*
	cpe:2.3:h:lexmark:m1246:-:::::::*
	cpe:2.3:h:lexmark:m3250:-:::::::*
	cpe:2.3:h:lexmark:ms321:-:::::::*
	cpe:2.3:h:lexmark:ms421:-:::::::*
	cpe:2.3:h:lexmark:ms521:-:::::::*
	cpe:2.3:h:lexmark:ms621:-:::::::*
	cpe:2.3:h:lexmark:ms622:-:::::::*

Configuration 11 [-]

AND

cpe:2.3:o:lexmark:mxngm_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:mb2338:-:::::::*
	cpe:2.3:h:lexmark:mx321:-:::::::*

Configuration 12 [-]

AND

cpe:2.3:o:lexmark:mxtgm_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:mb2442:-:::::::*
	cpe:2.3:h:lexmark:mb2546:-:::::::*
	cpe:2.3:h:lexmark:mb2650:-:::::::*
	cpe:2.3:h:lexmark:mx421:-:::::::*
	cpe:2.3:h:lexmark:mx521:-:::::::*
	cpe:2.3:h:lexmark:mx522:-:::::::*
	cpe:2.3:h:lexmark:mx622:-:::::::*
	cpe:2.3:h:lexmark:xm1242:-:::::::*
	cpe:2.3:h:lexmark:xm1246:-:::::::*
	cpe:2.3:h:lexmark:xm3250:-:::::::*

Configuration 13 [-]

AND

cpe:2.3:o:lexmark:msngw_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:b2865:-:::::::*
	cpe:2.3:h:lexmark:ms725:-:::::::*
	cpe:2.3:h:lexmark:ms821:-:::::::*
	cpe:2.3:h:lexmark:ms823:-:::::::*
	cpe:2.3:h:lexmark:ms825:-:::::::*

Configuration 14 [-]

AND

cpe:2.3:o:lexmark:mstgw_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:m5255:-:::::::*
	cpe:2.3:h:lexmark:m5270:-:::::::*
	cpe:2.3:h:lexmark:ms822:-:::::::*
	cpe:2.3:h:lexmark:ms826:-:::::::*

Configuration 15 [-]

AND

cpe:2.3:o:lexmark:mxtgw_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:mb2770:-:::::::*
	cpe:2.3:h:lexmark:mx721:-:::::::*
	cpe:2.3:h:lexmark:mx722:-:::::::*
	cpe:2.3:h:lexmark:mx725:-:::::::*
	cpe:2.3:h:lexmark:mx822:-:::::::*
	cpe:2.3:h:lexmark:mx826:-:::::::*
	cpe:2.3:h:lexmark:xm5365:-:::::::*
	cpe:2.3:h:lexmark:xm5370:-:::::::*
	cpe:2.3:h:lexmark:xm7355:-:::::::*
	cpe:2.3:h:lexmark:xm7370:-:::::::*

Configuration 16 [-]

AND

cpe:2.3:o:lexmark:cslbn_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:c3426:-:::::::*
	cpe:2.3:h:lexmark:cs431:-:::::::*
	cpe:2.3:h:lexmark:cs439:-:::::::*

Configuration 17 [-]

AND

cpe:2.3:o:lexmark:cslbl_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:c3224:-:::::::*
	cpe:2.3:h:lexmark:c3326:-:::::::*
	cpe:2.3:h:lexmark:cs331:-:::::::*

Configuration 18 [-]

AND

cpe:2.3:o:lexmark:cslbn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:c2326:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lexmark:cxlbn_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:cx431:-:::::::*
	cpe:2.3:h:lexmark:mc3426:-:::::::*
	cpe:2.3:h:lexmark:xc2326:-:::::::*

Configuration 20 [-]

AND

cpe:2.3:o:lexmark:cxlbl_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:mc3224:-:::::::*
	cpe:2.3:h:lexmark:mc3326:-:::::::*

Configuration 21 [-]

AND

cpe:2.3:o:lexmark:csnzj_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:c2325:-:::::::*
	cpe:2.3:h:lexmark:c2425:-:::::::*
	cpe:2.3:h:lexmark:c2535:-:::::::*
	cpe:2.3:h:lexmark:cs421:-:::::::*
	cpe:2.3:h:lexmark:cs521:-:::::::*

Configuration 22 [-]

AND

cpe:2.3:o:lexmark:cxtzj_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:cx522:-:::::::*
	cpe:2.3:h:lexmark:cx622:-:::::::*
	cpe:2.3:h:lexmark:cx625:-:::::::*
	cpe:2.3:h:lexmark:mc2535:-:::::::*
	cpe:2.3:h:lexmark:mc2640:-:::::::*
	cpe:2.3:h:lexmark:xc2235:-:::::::*
	cpe:2.3:h:lexmark:xc4240:-:::::::*

Configuration 23 [-]

AND

cpe:2.3:o:lexmark:cxnzj_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:cx421:-:::::::*
	cpe:2.3:h:lexmark:mc2325:-:::::::*
	cpe:2.3:h:lexmark:mc2425:-:::::::*

Configuration 24 [-]

AND

cpe:2.3:o:lexmark:cxtpp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:cx820:-:::::::*
	cpe:2.3:h:lexmark:cx825:-:::::::*
	cpe:2.3:h:lexmark:cx827:-:::::::*
	cpe:2.3:h:lexmark:cx86:-:::::::*
	cpe:2.3:h:lexmark:xc6152:-:::::::*
	cpe:2.3:h:lexmark:xc6153:-:::::::*
	cpe:2.3:h:lexmark:xc8155:-:::::::*
	cpe:2.3:h:lexmark:xc8160:-:::::::*
	cpe:2.3:h:lexmark:xc8163:-:::::::*

Configuration 25 [-]

AND

cpe:2.3:o:lexmark:cxtpp_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:c6160:-:::::::*
	cpe:2.3:h:lexmark:cs820:-:::::::*
	cpe:2.3:h:lexmark:cs827:-:::::::*

Configuration 26 [-]

AND

cpe:2.3:o:lexmark:cstat_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:c4150:-:::::::*
	cpe:2.3:h:lexmark:cs720:-:::::::*
	cpe:2.3:h:lexmark:cs725:-:::::::*
	cpe:2.3:h:lexmark:cs727:-:::::::*
	cpe:2.3:h:lexmark:cs728:-:::::::*

Configuration 27 [-]

AND

cpe:2.3:o:lexmark:cxtat_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:cx725:-:::::::*
	cpe:2.3:h:lexmark:cx727:-:::::::*
	cpe:2.3:h:lexmark:xc4140:-:::::::*
	cpe:2.3:h:lexmark:xc4143:-:::::::*
	cpe:2.3:h:lexmark:xc4150:-:::::::*
	cpe:2.3:h:lexmark:xc4153:-:::::::*

Configuration 28 [-]

AND

cpe:2.3:o:lexmark:cstmh_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:cs921:-:::::::*
	cpe:2.3:h:lexmark:cs923:-:::::::*
	cpe:2.3:h:lexmark:cs927:-:::::::*

Configuration 29 [-]

AND

cpe:2.3:o:lexmark:cstmh_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lexmark:c923:-:::::::*
	cpe:2.3:h:lexmark:cx920:-:::::::*
	cpe:2.3:h:lexmark:cx921:-:::::::*
	cpe:2.3:h:lexmark:cx922:-:::::::*
	cpe:2.3:h:lexmark:cx923:-:::::::*
	cpe:2.3:h:lexmark:cx924:-:::::::*
	cpe:2.3:h:lexmark:xc9225:-:::::::*
	cpe:2.3:h:lexmark:xc9235:-:::::::*
	cpe:2.3:h:lexmark:xc9245:-:::::::*
	cpe:2.3:h:lexmark:xc9255:-:::::::*
	cpe:2.3:h:lexmark:xc9265:-:::::::*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/174763/Lexmark-Device-Embedded-Web-Server-Remote-Code-Execution.html
https://publications.lexmark.com/publications/security-alerts/CVE-2023-26067.pdf
https://support.lexmark.com/alerts/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-04-10T00:00:00

Updated: 2024-08-02T11:39:06.545Z

Reserved: 2023-02-19T00:00:00

Link: CVE-2023-26067

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-04-10T20:15:10.387

Modified: 2023-09-19T18:15:16.977

Link: CVE-2023-26067

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object