CVE-2023-23560

high-risk

Published 2023-01-23

In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.

Do I need to act?

1.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

B2236 Firmware

B2338 Firmware

B2442 Firmware

B2546 Firmware

B2650 Firmware

B2865 Firmware

B3340 Firmware

B3442 Firmware

C2240 Firmware

C2325 Firmware

C2326 Firmware

C2425 Firmware

C2535 Firmware

C3224 Firmware

C3326 Firmware

C3426 Firmware

C4150 Firmware

C6160 Firmware

C9235 Firmware

Cs331 Firmware

Lexmark

Vendor Advisory https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf

Vendor Advisory https://support.lexmark.com/alerts/

Vendor Advisory https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf

Vendor Advisory https://support.lexmark.com/alerts/

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 4/34 · Minimal

Exposure 32/34 · Critical