A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark SMB devices. In some cases, an attacker can use SSRF to move through corporate networks to exploit otherwise inaccessible internal systems or extract secrets. Updates are available.
In its security advisory, Lexmark warns users of its devices for the SMB market about a high-severity vulnerability rated CVSS 8.6 out of 10. The flaw lets an attacker abuse an affected device as a relay into the network via Server-Side Request Forgery (SSRF): the printer makes requests on the attacker's behalf to hosts the attacker cannot reach directly. The manufacturer recommends updating the firmware of the affected devices immediately.
Over 150 Lexmark models with SSRF vulnerability
Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to trick a server-side application into making requests to a destination of the attacker's choosing. In a typical SSRF attack, the attacker forces the server to connect to services that are only reachable from inside the organization's network (internal admin interfaces, databases, management APIs). In other cases, the attacker can force the server to connect to an arbitrary external system. Either way, sensitive data such as credentials can be intercepted or exfiltrated, because the request originates from a trusted host rather than from the attacker.
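To make the pattern concrete, here is an added example (not code from Lexmark or from the advisory) of the check a generic "fetch this URL for me" feature needs in order not to become an SSRF pivot. The vulnerable form passes the user-supplied URL straight to the HTTP client; the hardened form validates the scheme and port, resolves the name, and rejects every destination that is not a public address. Function names, the `http_get` callable and the sample hosts are assumptions made for this illustration, and the resolver is injectable so the example runs offline.

```python
"""Added SSRF-guard example; not the device's or the vendor's code.
Host names, addresses and callbacks below are constructed for illustration."""
import ipaddress
import socket
from urllib.parse import urlparse

# A document-fetch feature only ever needs plain web schemes and ports.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


class SSRFBlocked(Exception):
    """Raised when a requested destination would reach a non-public address."""


def _is_internal(ip):
    # Loopback, RFC 1918 / ULA space, link-local (cloud metadata endpoints such as
    # 169.254.169.254 live here), multicast, reserved and unspecified addresses all
    # let the server be used as a hop into networks the client cannot reach itself.
    # IPv4-mapped IPv6 (::ffff:a.b.c.d) is classified as non-global by ipaddress too.
    return (not ip.is_global or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def _resolve_all(host):
    # Check every answer: an attacker-controlled name can return a public address
    # alongside an internal one, and the HTTP library may pick either.
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_outbound_url(url, resolve=_resolve_all):
    """Return (allowed, detail, addresses).

    `addresses` are the IPs that were actually validated. Connect to one of
    those instead of re-resolving the name later, otherwise a DNS answer that
    changes between check and use (rebinding) defeats the check."""
    parts = urlparse(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError:
        return False, "malformed port", []
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed", []
    try:
        addrs = [ipaddress.ip_address(host)]          # IP literal: no DNS needed
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        except (socket.gaierror, ValueError) as exc:
            return False, f"could not resolve {host}: {exc}", []
    for ip in addrs:
        if _is_internal(ip):
            return False, f"{host} -> {ip} is not a public address", []
    return True, "ok", [str(a) for a in addrs]


def fetch_unchecked(url, http_get):
    # The vulnerable pattern: whatever the caller supplied goes straight to the
    # HTTP client, so "http://10.0.0.5/admin" is fetched from inside the network
    # with the server's own network position and credentials.
    return http_get(url)


def fetch_hardened(url, http_get, resolve=_resolve_all):
    # Same feature, gated by the destination check above.
    allowed, detail, _addrs = check_outbound_url(url, resolve)
    if not allowed:
        raise SSRFBlocked(detail)
    return http_get(url)
```

Two practical caveats: the HTTP client used for `http_get` must not follow redirects automatically (or must run `check_outbound_url` on every hop), since a public host that 302s to an internal address bypasses the check; and the validated addresses should be pinned for the actual connection, as noted in the docstring, to close the DNS-rebinding window.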
To quickly check the firmware, Lexmark says users should do the following: “To determine the firmware version of a device, select Settings -> Reports -> Menu Settings Page. If the firmware version listed under “Device Information” matches a firmware version listed in the Lexmark list, the version should be updated immediately.”
The full advisory, including the list of affected models and fixed firmware versions, is available as a PDF at Lexmark.com.