CVE-2023-40239
published 2023-09-01CVE-2023-40239: Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.
Affected
82 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lexmark | c2132_firmware | <= lw80.vy4.p245 | — |
| lexmark | cs310_firmware | <= lw80.vyl.p245 | — |
| lexmark | cs317_firmware | <= lw80.vyl.p245 | — |
| lexmark | cs410_firmware | <= lw80.vy2.p245 | — |
| lexmark | cs417_firmware | <= lw80.vy2.p245 | — |
| lexmark | cs510_firmware | <= lw80.vy4.p245 | — |
| lexmark | cs517_firmware | <= lw80.vy4.p245 | — |
| lexmark | cx310_firmware | <= lw80.gm2.p245 | — |
| lexmark | cx317_firmware | <= lw80.gm2.p245 | — |
| lexmark | cx410_firmware | <= lw80.gm4.p245 | — |
| lexmark | cx417_firmware | <= lw80.gm4.p245 | — |
| lexmark | cx510_firmware | <= lw80.gm7.p245 | — |
| lexmark | cx517_firmware | <= lw80.gm7.p245 | — |
| lexmark | m1140_+_firmware | <= lw80.pr2.p245 | — |
| lexmark | m1140_firmware | <= lw80.prl.p245 | — |
| lexmark | m1145_firmware | <= lw80.pr2.p245 | — |
| lexmark | m3150de_firmware | <= lw80.pr4.p245 | — |
| lexmark | m3150dn_firmware | <= lw80.pr2.p245 | — |
| lexmark | m5155_firmware | <= lw80.dn4.p245 | — |
| lexmark | m5163de_firmware | <= lw80.dn4.p245 | — |
| lexmark | m5163dn_firmware | <= lw80.dn2.p245 | — |
| lexmark | m5170_firmware | <= lw80.dn7.p245 | — |
| lexmark | ms310_firmware | <= lw80.prl.p245 | — |
| lexmark | ms312_firmware | <= lw80.prl.p245 | — |
| lexmark | ms315_firmware | <= lw80.tl2.p245 | — |