Lexmark has recently issued a security alert concerning a remote code execution (RCE) bug that affects over 100 of its printers. The bug, tracked as CVE-2020-1918, was found in the Lexmark E360dn printer model and is present in versions 3.2.2.2 and 3.2.2.3; other potentially vulnerable models include the Lexmark CX410, CX510, MX310, and MX410. This vulnerability was discovered by an independent security researcher even though Lexmark had previously promised to stop contributing to vulnerability research.
Although the vulnerability has not yet been used in an attack, a proof of concept (POC) has been created and published along with instructions on exploiting the bug. According to Lexmark, the POC could allow attackers to capture “sensitive information” and run commands with root privileges on the printer, allowing them to change settings, access data and delete files.
To protect users from the vulnerability, Lexmark has released an updated version of its firmware, which can be downloaded from the company’s website. The company recommends that all users of models affected by the bug upgrade to the new version. Any questions about the vulnerability can be sent to Lexmark's security team.
Although the security issue has now been fixed, it is yet another example of a potentially serious vulnerability that consumers should be aware of. It also shows the sheer number of security threats that are out there and the need for manufacturers to ensure their products are secure.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 26 Jan 2023 20:09:03 +0000