CVE-2023-22960 icon indicating copy to clipboard operation
CVE-2023-22960 copied to clipboard

Published 20 hours ago verified publisher icon t3l3machus

Metadata

This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server (interface) of more than 60 Lexmark printer models. This issue affects both...

PoC for CVE-2023-22960

Python License

Details

PoC for CVE-2023-22960 that I discovered. This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server interface of all Lexmark printer models that have a firmware version released before 01/2023. This issue affects both username-password and PIN authentication.

Official security advisory -> https://publications.lexmark.com/publications/security-alerts/CVE-2023-22960.pdf

PoC tested against:

  • Lexmark MX622adhe
  • Lexmark CX735adse
  • Lexmark MX521ade

Video Presentation

In this video I demonstrate the issue as well as how to write an http(s) login bruteforce script with Python.
https://www.youtube.com/watch?v=HuAqTScr_3s

Preview

Without the brute-force prevention bypass:
image

Applying the brute-force prevention bypass:
image

Metadata

84
Stars
16
Forks
Watchers

Owner

verified publisher icon t3l3machus

Metadata

This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server (interface) of more than 60 Lexmark printer models. This issue affects both...

Back