All posts by p0p3

Certain Lexmark devices are vulnerable to unverified password changes and stored cross-site scripting attacks.

Unverified Password Change – CVE-2013-6032
Certain models of Lexmark laser printers and MarkNet devices are vulnerable to an attack which allows a remote unauthenticated attacker to change the administrative password of the printer’s web administration interface. The interface does not perform sufficient validation of the vac.255.GENPASSWORD parameter in POST requests to the /cgi-bin/postpf/cgi-bin/dynamic/config/config.html page, allowing an unauthenticated remote attacker to reset the administrative password to an empty string.

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) – CVE-2013-6033
Certain models of Lexmark laser printers are vulnerable to stored cross-site scripting attacks. The printers’ administrative web interface does not perform sufficient validation of user input to the “Location” and “Contact Name” fields in the “General Settings” configuration page.

An attacker may be able to run arbitrary script in the context of a victim’s browser. The attacker may also be able to gain full administrative control of the printer.

Apply an Update

Lexmark advises users to update to the latest firmware version. A list of affected models and firmware versions, as well as accompanying fixes, can be found at Lexmark’s advisory page.
Vendor Information:

CVSS Metrics:
Group Score Vector
Base 9.0 AV:N/AC:L/Au:N/C:P/I:P/A:C
Temporal 7.4 E:F/RL:OF/RC:C
Environmental 1.9 CDP:N/TD:L/CR:ND/IR:ND/AR:ND

Vendor Date Notified: 16 Oct 2013