CVE-2023-40239

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
7.5HIGH
EPSS
0.3%
top 49.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
82
Lexmark C2132 FirmwareLexmark Cs310 FirmwareLexmark Cs317 Firmware+79 more
Timeline
PublishedSep 1

Description

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages82 packages

NVDlexmark/cs310_firmwarelw80.vyl.p245
NVDlexmark/c2132_firmwarelw80.vy4.p245
NVDlexmark/cs317_firmwarelw80.vyl.p245
NVDlexmark/cs410_firmwarelw80.vy2.p245
NVDlexmark/cs417_firmwarelw80.vy2.p245

🔴Vulnerability Details

2
GHSA
GHSA-cwqw-75wv-wxpm: Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure2023-09-01
CVEList
CVE-2023-40239: Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure2023-09-01
CVE-2023-40239 (HIGH CVSS 7.5) | Certain Lexmark devices (such as CS | cvebase.io