CVE-2024-11344

Summary

A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTLS.240.076affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.CXTLS.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXTLS.240.076affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.MXTLS.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTLS.240.076affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.CSTLS.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSNSN.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.MSNSN.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSTSN.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.MSTSN.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXTSN.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.MXTSN.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSNGV.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.CSNGV.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTGV.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.CSTGV.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTGV.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.CXTGV.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTPC.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.CXTPC.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTPC.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.CSTPC.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXTCT.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.MXTCT.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXTPM.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.MXTPM.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTMM.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.CXTMM.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTMM.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.CSTMM.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTZJ.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.CSTZJ.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSNZJ.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.CSNZJ.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTZJ.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.CXTZJ.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXNZJ.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.CXNZJ.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSNGM.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.MSNGM.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSTGM.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.MSTGM.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXNGM.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.MXNGM.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXTGM.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.MXTGM.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSNGW.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.MSNGW.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSTGW.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.MSTGW.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXTGW.240.042affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.MXTGW.240.200 < *affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSLSG.230.401affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXLSG.230.401affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSLBD.230.401affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXLBD.230.401affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSLBN.230.401affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSLBL.230.401affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXLBN.230.401affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXLBL.230.401affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTPP.230.401affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTPP.230.401affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTAT.230.401affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTAT.230.401affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTMH.230.401affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTMH.230.401affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW90.TL2.P215affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW90.PR2.P215affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW90.PR4.P215affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW90.SB4.P215affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW90.SB7.P215affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW90.DN2.P215affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW90.DN4.P215affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW90.DN7.P215affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW90.TU.P215affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW90.SA.P215affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW90.MG.P215affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW90.GM7.P215affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW90.GM4.P215affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW90.VY4.P215affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW80.PRL.P257affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW80.SB2.P257affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW80.VYL.P257affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW80.VY2.P257affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= LW80.GM2.P257affected

Weaknesses

  • CWE-843: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

Workarounds

Lexmark recommends a firmware update if your device has affected firmware.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References