Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2023-40239
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-01 Sep, 2023 | 11:15
Updated At-07 Sep, 2023 | 16:26

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Lexmark International, Inc.
lexmark
>>c2132>>-
cpe:2.3:h:lexmark:c2132:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>c2132_firmware>>Versions up to lw80.vy4.p245(inclusive)
cpe:2.3:o:lexmark:c2132_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cs310>>-
cpe:2.3:h:lexmark:cs310:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cs310_firmware>>Versions up to lw80.vyl.p245(inclusive)
cpe:2.3:o:lexmark:cs310_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cs317>>-
cpe:2.3:h:lexmark:cs317:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cs317_firmware>>Versions up to lw80.vyl.p245(inclusive)
cpe:2.3:o:lexmark:cs317_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cs410>>-
cpe:2.3:h:lexmark:cs410:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cs410_firmware>>Versions up to lw80.vy2.p245(inclusive)
cpe:2.3:o:lexmark:cs410_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cs417>>-
cpe:2.3:h:lexmark:cs417:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cs417_firmware>>Versions up to lw80.vy2.p245(inclusive)
cpe:2.3:o:lexmark:cs417_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cs510>>-
cpe:2.3:h:lexmark:cs510:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cs510_firmware>>Versions up to lw80.vy4.p245(inclusive)
cpe:2.3:o:lexmark:cs510_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cs517>>-
cpe:2.3:h:lexmark:cs517:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cs517_firmware>>Versions up to lw80.vy4.p245(inclusive)
cpe:2.3:o:lexmark:cs517_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cx310>>-
cpe:2.3:h:lexmark:cx310:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cx310_firmware>>Versions up to lw80.gm2.p245(inclusive)
cpe:2.3:o:lexmark:cx310_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cx317_firmware>>Versions up to lw80.gm2.p245(inclusive)
cpe:2.3:o:lexmark:cx317_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cx317>>-
cpe:2.3:h:lexmark:cx317:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cx410_firmware>>Versions up to lw80.gm4.p245(inclusive)
cpe:2.3:o:lexmark:cx410_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cx410>>-
cpe:2.3:h:lexmark:cx410:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cx417_firmware>>Versions up to lw80.gm4.p245(inclusive)
cpe:2.3:o:lexmark:cx417_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cx417>>-
cpe:2.3:h:lexmark:cx417:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cx510_firmware>>Versions up to lw80.gm7.p245(inclusive)
cpe:2.3:o:lexmark:cx510_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cx510>>-
cpe:2.3:h:lexmark:cx510:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cx517_firmware>>Versions up to lw80.gm7.p245(inclusive)
cpe:2.3:o:lexmark:cx517_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>cx517>>-
cpe:2.3:h:lexmark:cx517:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m1140\+_firmware>>Versions up to lw80.pr2.p245(inclusive)
cpe:2.3:o:lexmark:m1140\+_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m1140\+>>-
cpe:2.3:h:lexmark:m1140\+:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m1140_firmware>>Versions up to lw80.prl.p245(inclusive)
cpe:2.3:o:lexmark:m1140_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m1140>>-
cpe:2.3:h:lexmark:m1140:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m1145_firmware>>Versions up to lw80.pr2.p245(inclusive)
cpe:2.3:o:lexmark:m1145_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m1145>>-
cpe:2.3:h:lexmark:m1145:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m3150de_firmware>>Versions up to lw80.pr4.p245(inclusive)
cpe:2.3:o:lexmark:m3150de_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m3150de>>-
cpe:2.3:h:lexmark:m3150de:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m3150dn_firmware>>Versions up to lw80.pr2.p245(inclusive)
cpe:2.3:o:lexmark:m3150dn_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m3150dn>>-
cpe:2.3:h:lexmark:m3150dn:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m5155_firmware>>Versions up to lw80.dn4.p245(inclusive)
cpe:2.3:o:lexmark:m5155_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m5155>>-
cpe:2.3:h:lexmark:m5155:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m5163de_firmware>>Versions up to lw80.dn4.p245(inclusive)
cpe:2.3:o:lexmark:m5163de_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m5163de>>-
cpe:2.3:h:lexmark:m5163de:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m5163dn_firmware>>Versions up to lw80.dn2.p245(inclusive)
cpe:2.3:o:lexmark:m5163dn_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m5163dn>>-
cpe:2.3:h:lexmark:m5163dn:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m5170_firmware>>Versions up to lw80.dn7.p245(inclusive)
cpe:2.3:o:lexmark:m5170_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>m5170>>-
cpe:2.3:h:lexmark:m5170:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>ms310_firmware>>Versions up to lw80.prl.p245(inclusive)
cpe:2.3:o:lexmark:ms310_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>ms310>>-
cpe:2.3:h:lexmark:ms310:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>ms312_firmware>>Versions up to lw80.prl.p245(inclusive)
cpe:2.3:o:lexmark:ms312_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>ms312>>-
cpe:2.3:h:lexmark:ms312:-:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>ms315_firmware>>Versions up to lw80.tl2.p245(inclusive)
cpe:2.3:o:lexmark:ms315_firmware:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>ms315>>-
cpe:2.3:h:lexmark:ms315:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-611Primarynvd@nist.gov
CWE ID: CWE-611
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdfcve@mitre.org
Vendor Advisory
Hyperlink: https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdf
Source: cve@mitre.org
Resource:
Vendor Advisory
Change History
0Changes found
Details not found