{"id":169511,"date":"2023-08-12T04:22:40","date_gmt":"2023-08-12T09:22:40","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2023\/08\/this-code-lets-hackers-remotely-play-music-on-lexmark-printers-and-spy-on-users"},"modified":"2023-08-12T04:22:40","modified_gmt":"2023-08-12T09:22:40","slug":"this-code-lets-hackers-remotely-play-music-on-lexmark-printers-and-spy-on-users","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2023\/08\/this-code-lets-hackers-remotely-play-music-on-lexmark-printers-and-spy-on-users","title":{"rendered":"This code lets hackers remotely play music on Lexmark printers and spy on users"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/this-code-lets-hackers-remotely-play-music-on-lexmark-printers-and-spy-on-users.jpg\"><\/a><\/p>\n<p>Security researchers at Horizon3 have published proof-of-concept (PoC) code for a major privilege escalation vulnerability (CVE-2023-26067) found in <a href=\"https:\/\/www.securitynewspaper.com\/2023\/01\/26\/hackers-could-take-control-of-lexmark-printers-or-see-what-you-print-if-you-dont-apply-this-patch\/\" target=\"_blank\" rel=\"noreferrer noopener\">Lexmark printers<\/a>. On a device that has not been patched, this vulnerability, which has a CVSS score of 8.0, might enable an attacker to gain elevated access.<\/p>\n<p>The vulnerability stems from incorrect validation of user-supplied input. An attacker might exploit it by sending a specially crafted request to the printer. 
Once the vulnerability has been exploited, the attacker may gain escalated privileges on the device, which might let them execute arbitrary code, leak credentials, or obtain a reverse shell.<\/p>\n<p><strong>Configurations prone to vulnerability <\/strong>An initial Setup Wizard is shown on the display of a Lexmark printer the very first time the user turns it on. This wizard walks the user through configuring several system settings, such as the language, and gives them the opportunity to set up an administrative user. If the user selects \u201cSet Up Later,\u201d the printer gives \u201cGuest\u201d users access to all of the features and pages available through the printer\u2019s web interface. If the user selects \u201cSet up Now,\u201d the printer blocks access to a significant portion of that functionality until the user has authenticated.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers in the field of information security at Horizon3 have made public the proof-of-concept (PoC) code for a major privilege escalation vulnerability (CVE-2023-26067) found in Lexmark printers. 
On a device that has not been patched, this vulnerability, which has a CVSS score of 8.0, might enable an attacker to get elevated access if the device [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[418,42,1492],"tags":[],"class_list":["post-169511","post","type-post","status-publish","format-standard","hentry","category-internet","category-media-arts","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/169511","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=169511"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/169511\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=169511"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=169511"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=169511"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}