Lucene search

[email protected]CVE-2023-40239

HistorySep 01, 2023 - 11:15 a.m.

CVE-2023-40239

2023-09-0111:15:42

CWE-611

[email protected]

web.nvd.nist.gov

lexmark

xxe attack

firmware

vulnerability

cve-2023-40239

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.2%

JSON

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80..P246, i.e., '’ indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.

Affected configurations

NVD

Node

lexmarkc2132Match-

AND

lexmarkc2132_firmwareRange≤lw80.vy4.p245

Node

lexmarkcs310Match-

AND

lexmarkcs310_firmwareRange≤lw80.vyl.p245

Node

lexmarkcs317Match-

AND

lexmarkcs317_firmwareRange≤lw80.vyl.p245

Node

lexmarkcs410Match-

AND

lexmarkcs410_firmwareRange≤lw80.vy2.p245

Node

lexmarkcs417Match-

AND

lexmarkcs417_firmwareRange≤lw80.vy2.p245

Node

lexmarkcs510Match-

AND

lexmarkcs510_firmwareRange≤lw80.vy4.p245

Node

lexmarkcs517Match-

AND

lexmarkcs517_firmwareRange≤lw80.vy4.p245

Node

lexmarkcx310Match-

AND

lexmarkcx310_firmwareRange≤lw80.gm2.p245

Node

lexmarkcx317_firmwareRange≤lw80.gm2.p245

AND

lexmarkcx317Match-

Node

lexmarkcx410_firmwareRange≤lw80.gm4.p245

AND

lexmarkcx410Match-

Node

lexmarkcx417_firmwareRange≤lw80.gm4.p245

AND

lexmarkcx417Match-

Node

lexmarkcx510_firmwareRange≤lw80.gm7.p245

AND

lexmarkcx510Match-

Node

lexmarkcx517_firmwareRange≤lw80.gm7.p245

AND

lexmarkcx517Match-

Node

lexmarkm1140\+_firmwareRange≤lw80.pr2.p245

AND

lexmarkm1140\+Match-

Node

lexmarkm1140_firmwareRange≤lw80.prl.p245

AND

lexmarkm1140Match-

Node

lexmarkm1145_firmwareRange≤lw80.pr2.p245

AND

lexmarkm1145Match-

Node

lexmarkm3150de_firmwareRange≤lw80.pr4.p245

AND

lexmarkm3150deMatch-

Node

lexmarkm3150dn_firmwareRange≤lw80.pr2.p245

AND

lexmarkm3150dnMatch-

Node

lexmarkm5155_firmwareRange≤lw80.dn4.p245

AND

lexmarkm5155Match-

Node

lexmarkm5163de_firmwareRange≤lw80.dn4.p245

AND

lexmarkm5163deMatch-

Node

lexmarkm5163dn_firmwareRange≤lw80.dn2.p245

AND

lexmarkm5163dnMatch-

Node

lexmarkm5170_firmwareRange≤lw80.dn7.p245

AND

lexmarkm5170Match-

Node

lexmarkms310_firmwareRange≤lw80.prl.p245

AND

lexmarkms310Match-

Node

lexmarkms312_firmwareRange≤lw80.prl.p245

AND

lexmarkms312Match-

Node

lexmarkms315_firmwareRange≤lw80.tl2.p245

AND

lexmarkms315Match-

Node

lexmarkms317_firmwareRange≤lw80.prl.p245

AND

lexmarkms317Match-

Node

lexmarkms410_firmwareRange≤lw80.prl.p245

AND

lexmarkms410Match-

Node

lexmarkms415_firmwareRange≤lw80.tl2.p245

AND

lexmarkms415Match-

Node

lexmarkms417_firmwareRange≤lw80.tl2.p245

AND

lexmarkms417Match-

Node

lexmarkms510_firmwareRange≤lw80.pr2.p245

AND

lexmarkms510Match-

Node

lexmarkms517_firmwareRange≤lw80.pr2.p245

AND

lexmarkms517Match-

Node

lexmarkms610de_firmwareRange≤lw80.pr4.p245

AND

lexmarkms610deMatch-

Node

lexmarkms610dn_firmwareRange≤lw80.pr2.p245

AND

lexmarkms610dnMatch-

Node

lexmarkms617_firmwareRange≤lw80.pr2.p245

AND

lexmarkms617Match-

Node

lexmarkms710_firmwareRange≤lw80.dn2.p245

AND

lexmarkms710Match-

Node

lexmarkms711_firmwareRange≤lw80.dn2.p245

AND

lexmarkms711Match-

Node

lexmarkms810de_firmwareRange≤lw80.dn4.p245

AND

lexmarkms810deMatch-

Node

lexmarkms810dn_firmwareRange≤lw80.dn2.p245

AND

lexmarkms810dnMatch-

Node

lexmarkms811_firmwareRange≤lw80.dn2.p245

AND

lexmarkms811Match-

Node

lexmarkms812de_firmwareRange≤lw80.dn7.p245

AND

lexmarkms812deMatch-

Node

lexmarkms812dn_firmwareRange≤lw80.dn2.p245

AND

lexmarkms812dnMatch-

Node

lexmarkms817_firmwareRange≤lw80.dn2.p245

AND

lexmarkms817Match-

Node

lexmarkms818_firmwareRange≤lw80.dn2.p245

AND

lexmarkms818Match-

Node

lexmarkms911_firmwareRange≤lw80.sa.p245

AND

lexmarkms911Match-

Node

lexmarkmx310_firmwareRange≤lw80.sb2.p245

AND

lexmarkmx310Match-

Node

lexmarkmx317_firmwareRange≤lw80.sb2.p245

AND

lexmarkmx317Match-

Node

lexmarkmx410_firmwareRange≤lw80.sb4.p245

AND

lexmarkmx410Match-

Node

lexmarkmx417_firmwareRange≤lw80.sb4.p245

AND

lexmarkmx417Match-

Node

lexmarkmx510_firmwareRange≤lw80.sb4.p245

AND

lexmarkmx510Match-

Node

lexmarkmx511_firmwareRange≤lw80.sb4.p245

AND

lexmarkmx511Match-

Node

lexmarkmx517_firmwareRange≤lw80.sb4.p245

AND

lexmarkmx517Match-

Node

lexmarkmx610_firmwareRange≤lw80.sb7.p245

AND

lexmarkmx610Match-

Node

lexmarkmx611_firmwareRange≤lw80.sb7.p245

AND

lexmarkmx611Match-

Node

lexmarkmx617_firmwareRange≤lw80.sb7.p245

AND

lexmarkmx617Match-

Node

lexmarkmx710_firmwareRange≤lw80.tu.p245

AND

lexmarkmx710Match-

Node

lexmarkmx711_firmwareRange≤lw80.tu.p245

AND

lexmarkmx711Match-

Node

lexmarkmx717_firmwareRange≤lw80.tu.p245

AND

lexmarkmx717Match-

Node

lexmarkmx718_firmwareRange≤lw80.tu.p245

AND

lexmarkmx718Match-

Node

lexmarkmx810_firmwareRange≤lw80.tu.p245

AND

lexmarkmx810Match-

Node

lexmarkmx811_firmwareRange≤lw80.tu.p245

AND

lexmarkmx811Match-

Node

lexmarkmx812_firmwareRange≤lw80.tu.p245

AND

lexmarkmx812Match-

Node

lexmarkmx910_firmwareRange≤lw80.mg.p245

AND

lexmarkmx910Match-

Node

lexmarkmx911_firmwareRange≤lw80.mg.p245

AND

lexmarkmx911Match-

Node

lexmarkmx912_firmwareRange≤lw80.mg.p245

AND

lexmarkmx912Match-

Node

lexmarkxc2130_firmwareRange≤lw80.gm4.p245

AND

lexmarkxc2130Match-

Node

lexmarkxc2132_firmwareRange≤lw80.gm7.p245

AND

lexmarkxc2132Match-

Node

lexmarkxm1135_firmwareRange≤lw80.sb2.p245

AND

lexmarkxm1135Match-

Node

lexmarkxm1140_firmwareRange≤lw80.sb4.p245

AND

lexmarkxm1140Match-

Node

lexmarkxm1145_firmwareRange≤lw80.sb4.p245

AND

lexmarkxm1145Match-

Node

lexmarkxm3150_firmwareRange≤lw80.sb7.p245

AND

lexmarkxm3150Match-

Node

lexmarkxm5163_firmwareRange≤lw80.tu.p245

AND

lexmarkxm5163Match-

Node

lexmarkxm5170_firmwareRange≤lw80.tu.p245

AND

lexmarkxm5170Match-

Node

lexmarkxm5263_firmwareRange≤lw80.tu.p245

AND

lexmarkxm5263Match-

Node

lexmarkxm5270_firmwareRange≤lw80.tu.p245

AND

lexmarkxm5270Match-

Node

lexmarkxm7155_firmwareRange≤lw80.tu.p245

AND

lexmarkxm7155Match-

Node

lexmarkxm7163_firmwareRange≤lw80.tu.p245

AND

lexmarkxm7163Match-

Node

lexmarkxm7170_firmwareRange≤lw80.tu.p245

AND

lexmarkxm7170Match-

Node

lexmarkxm7263_firmwareRange≤lw80.tu.p245

AND

lexmarkxm7263Match-

Node

lexmarkxm7270_firmwareRange≤lw80.tu.p245

AND

lexmarkxm7270Match-

Node

lexmarkxm9145_firmwareRange≤lw80.mg.p245

AND

lexmarkxm9145Match-

Node

lexmarkxm9155_firmwareRange≤lw80.mg.p245

AND

lexmarkxm9155Match-

Node

lexmarkxm9165_firmwareRange≤lw80.mg.p245

AND

lexmarkxm9165Match-

CPENameOperatorVersion
lexmark:c2132_firmwarelexmark c2132 firmwarelelw80.vy4.p245

CPE	Name	Operator	Version
lexmark:c2132_firmware	lexmark c2132 firmware	le	lw80.vy4.p245

References

publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdf

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.2%

JSON

Related for CVE-2023-40239

cvelist1 prion1 nvd1