CVE-2023-50738

Summary

A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified.

Affected Software

VendorProductVersion RangeStatus
LexmarkPrinter Firmware0 <= 230.041affected
LexmarkPrinter Firmware230.075 <= 230.086affected
LexmarkPrinter Firmware230.100 <= 230.104affected
LexmarkPrinter Firmware230.200 <= 230.209affected

Weaknesses

  • CWE-354: CWE-354 Improper Validation of Integrity Check Value
  • CWE-1328: CWE-1328 Security Version Number Mutable to Older Versions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References