CVE-2023-40239

Published: Sep 1, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.

Affected (82)

Products: Lexmark: C2132 Firmware, Cs310 Firmware, Cs317 Firmware, Cs410 Firmware, Cs417 Firmware, Cs510 Firmware, Cs517 Firmware, Cx310 Firmware, Cx317 Firmware, Cx410 Firmware, Cx417 Firmware, Cx510 Firmware, Cx517 Firmware, M1140 Firmware, M1145 Firmware, M3150de Firmware, M3150dn Firmware, M5155 Firmware, M5163de Firmware, M5163dn Firmware, M5170 Firmware, Ms310 Firmware, Ms312 Firmware, Ms315 Firmware, Ms317 Firmware, Ms410 Firmware, Ms415 Firmware, Ms417 Firmware, Ms510 Firmware, Ms517 Firmware, Ms610de Firmware, Ms610dn Firmware, Ms617 Firmware, Ms710 Firmware, Ms711 Firmware, Ms810de Firmware, Ms810dn Firmware, Ms811 Firmware, Ms812de Firmware, Ms812dn Firmware, Ms817 Firmware, Ms818 Firmware, Ms911 Firmware, Mx310 Firmware, Mx317 Firmware, Mx410 Firmware, Mx417 Firmware, Mx510 Firmware, Mx511 Firmware, Mx517 Firmware, Mx610 Firmware, Mx611 Firmware, Mx617 Firmware, Mx710 Firmware, Mx711 Firmware, Mx717 Firmware, Mx718 Firmware, Mx810 Firmware, Mx811 Firmware, Mx812 Firmware, Mx910 Firmware, Mx911 Firmware, Mx912 Firmware, Xc2130 Firmware, Xc2132 Firmware, Xm1135 Firmware, Xm1140 Firmware, Xm1145 Firmware, Xm3150 Firmware, Xm5163 Firmware, Xm5170 Firmware, Xm5263 Firmware, Xm5270 Firmware, Xm7155 Firmware, Xm7163 Firmware, Xm7170 Firmware, Xm7263 Firmware, Xm7270 Firmware, Xm9145 Firmware, Xm9155 Firmware, Xm9165 Firmware

81 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark C2132 Firmware	Up to lw80.vy4.p245

Running on/with	Platform Versions
Lexmark C2132	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cs310 Firmware	Up to lw80.vyl.p245

Running on/with	Platform Versions
Lexmark Cs310	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cs317 Firmware	Up to lw80.vyl.p245

Running on/with	Platform Versions
Lexmark Cs317	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cs410 Firmware	Up to lw80.vy2.p245

Running on/with	Platform Versions
Lexmark Cs410	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cs417 Firmware	Up to lw80.vy2.p245

Running on/with	Platform Versions
Lexmark Cs417	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cs510 Firmware	Up to lw80.vy4.p245

Running on/with	Platform Versions
Lexmark Cs510	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cs517 Firmware	Up to lw80.vy4.p245

Running on/with	Platform Versions
Lexmark Cs517	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cx310 Firmware	Up to lw80.gm2.p245

Running on/with	Platform Versions
Lexmark Cx310	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cx317 Firmware	Up to lw80.gm2.p245

Running on/with	Platform Versions
Lexmark Cx317	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cx410 Firmware	Up to lw80.gm4.p245

Running on/with	Platform Versions
Lexmark Cx410	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cx417 Firmware	Up to lw80.gm4.p245

Running on/with	Platform Versions
Lexmark Cx417	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cx510 Firmware	Up to lw80.gm7.p245

Running on/with	Platform Versions
Lexmark Cx510	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cx517 Firmware	Up to lw80.gm7.p245

Running on/with	Platform Versions
Lexmark Cx517	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M1140+ Firmware	Up to lw80.pr2.p245

Running on/with	Platform Versions
Lexmark M1140+	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M1140 Firmware	Up to lw80.prl.p245

Running on/with	Platform Versions
Lexmark M1140	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M1145 Firmware	Up to lw80.pr2.p245

Running on/with	Platform Versions
Lexmark M1145	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M3150de Firmware	Up to lw80.pr4.p245

Running on/with	Platform Versions
Lexmark M3150de	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M3150dn Firmware	Up to lw80.pr2.p245

Running on/with	Platform Versions
Lexmark M3150dn	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M5155 Firmware	Up to lw80.dn4.p245

Running on/with	Platform Versions
Lexmark M5155	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M5163de Firmware	Up to lw80.dn4.p245

Running on/with	Platform Versions
Lexmark M5163de	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M5163dn Firmware	Up to lw80.dn2.p245

Running on/with	Platform Versions
Lexmark M5163dn	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M5170 Firmware	Up to lw80.dn7.p245

Running on/with	Platform Versions
Lexmark M5170	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms310 Firmware	Up to lw80.prl.p245

Running on/with	Platform Versions
Lexmark Ms310	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms312 Firmware	Up to lw80.prl.p245

Running on/with	Platform Versions
Lexmark Ms312	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms315 Firmware	Up to lw80.tl2.p245

Running on/with	Platform Versions
Lexmark Ms315	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms317 Firmware	Up to lw80.prl.p245

Running on/with	Platform Versions
Lexmark Ms317	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms410 Firmware	Up to lw80.prl.p245

Running on/with	Platform Versions
Lexmark Ms410	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms415 Firmware	Up to lw80.tl2.p245

Running on/with	Platform Versions
Lexmark Ms415	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms417 Firmware	Up to lw80.tl2.p245

Running on/with	Platform Versions
Lexmark Ms417	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms510 Firmware	Up to lw80.pr2.p245

Running on/with	Platform Versions
Lexmark Ms510	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms517 Firmware	Up to lw80.pr2.p245

Running on/with	Platform Versions
Lexmark Ms517	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms610de Firmware	Up to lw80.pr4.p245

Running on/with	Platform Versions
Lexmark Ms610de	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms610dn Firmware	Up to lw80.pr2.p245

Running on/with	Platform Versions
Lexmark Ms610dn	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms617 Firmware	Up to lw80.pr2.p245

Running on/with	Platform Versions
Lexmark Ms617	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms710 Firmware	Up to lw80.dn2.p245

Running on/with	Platform Versions
Lexmark Ms710	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms711 Firmware	Up to lw80.dn2.p245

Running on/with	Platform Versions
Lexmark Ms711	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms810de Firmware	Up to lw80.dn4.p245

Running on/with	Platform Versions
Lexmark Ms810de	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms810dn Firmware	Up to lw80.dn2.p245

Running on/with	Platform Versions
Lexmark Ms810dn	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms811 Firmware	Up to lw80.dn2.p245

Running on/with	Platform Versions
Lexmark Ms811	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms812de Firmware	Up to lw80.dn7.p245

Running on/with	Platform Versions
Lexmark Ms812de	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms812dn Firmware	Up to lw80.dn2.p245

Running on/with	Platform Versions
Lexmark Ms812dn	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms817 Firmware	Up to lw80.dn2.p245

Running on/with	Platform Versions
Lexmark Ms817	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms818 Firmware	Up to lw80.dn2.p245

Running on/with	Platform Versions
Lexmark Ms818	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms911 Firmware	Up to lw80.sa.p245

Running on/with	Platform Versions
Lexmark Ms911	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx310 Firmware	Up to lw80.sb2.p245

Running on/with	Platform Versions
Lexmark Mx310	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx317 Firmware	Up to lw80.sb2.p245

Running on/with	Platform Versions
Lexmark Mx317	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx410 Firmware	Up to lw80.sb4.p245

Running on/with	Platform Versions
Lexmark Mx410	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx417 Firmware	Up to lw80.sb4.p245

Running on/with	Platform Versions
Lexmark Mx417	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx510 Firmware	Up to lw80.sb4.p245

Running on/with	Platform Versions
Lexmark Mx510	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx511 Firmware	Up to lw80.sb4.p245

Running on/with	Platform Versions
Lexmark Mx511	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx517 Firmware	Up to lw80.sb4.p245

Running on/with	Platform Versions
Lexmark Mx517	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx610 Firmware	Up to lw80.sb7.p245

Running on/with	Platform Versions
Lexmark Mx610	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx611 Firmware	Up to lw80.sb7.p245

Running on/with	Platform Versions
Lexmark Mx611	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx617 Firmware	Up to lw80.sb7.p245

Running on/with	Platform Versions
Lexmark Mx617	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx710 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Mx710	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx711 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Mx711	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx717 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Mx717	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx718 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Mx718	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx810 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Mx810	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx811 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Mx811	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx812 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Mx812	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx910 Firmware	Up to lw80.mg.p245

Running on/with	Platform Versions
Lexmark Mx910	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx911 Firmware	Up to lw80.mg.p245

Running on/with	Platform Versions
Lexmark Mx911	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx912 Firmware	Up to lw80.mg.p245

Running on/with	Platform Versions
Lexmark Mx912	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xc2130 Firmware	Up to lw80.gm4.p245

Running on/with	Platform Versions
Lexmark Xc2130	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xc2132 Firmware	Up to lw80.gm7.p245

Running on/with	Platform Versions
Lexmark Xc2132	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm1135 Firmware	Up to lw80.sb2.p245

Running on/with	Platform Versions
Lexmark Xm1135	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm1140 Firmware	Up to lw80.sb4.p245

Running on/with	Platform Versions
Lexmark Xm1140	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm1145 Firmware	Up to lw80.sb4.p245

Running on/with	Platform Versions
Lexmark Xm1145	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm3150 Firmware	Up to lw80.sb7.p245

Running on/with	Platform Versions
Lexmark Xm3150	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm5163 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Xm5163	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm5170 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Xm5170	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm5263 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Xm5263	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm5270 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Xm5270	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm7155 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Xm7155	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm7163 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Xm7163	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm7170 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Xm7170	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm7263 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Xm7263	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm7270 Firmware	Up to lw80.tu.p245

Running on/with	Platform Versions
Lexmark Xm7270	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm9145 Firmware	Up to lw80.mg.p245

Running on/with	Platform Versions
Lexmark Xm9145	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm9155 Firmware	Up to lw80.mg.p245

Running on/with	Platform Versions
Lexmark Xm9155	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm9165 Firmware	Up to lw80.mg.p245

Running on/with	Platform Versions
Lexmark Xm9165	All versions

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdf

Source: cve@mitre.org

Vendor Advisory

https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.