CVE-2023-40239 — HIGH (7.5)

Q: How severe is CVE-2023-40239?

CVE-2023-40239 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-40239?

Check the references section above for vendor advisories and patch information. Affected products include: Lexmark C2132 Firmware, Lexmark C2132, Lexmark Cs310 Firmware, Lexmark Cs310, Lexmark Cs317 Firmware.

Vulnerability Description

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Lexmark	C2132 Firmware	<= lw80.vy4.p245
Lexmark	C2132	-
Lexmark	Cs310 Firmware	<= lw80.vyl.p245
Lexmark	Cs310	-
Lexmark	Cs317 Firmware	<= lw80.vyl.p245
Lexmark	Cs317	-
Lexmark	Cs410 Firmware	<= lw80.vy2.p245
Lexmark	Cs410	-
Lexmark	Cs417 Firmware	<= lw80.vy2.p245
Lexmark	Cs417	-
Lexmark	Cs510 Firmware	<= lw80.vy4.p245
Lexmark	Cs510	-
Lexmark	Cs517 Firmware	<= lw80.vy4.p245
Lexmark	Cs517	-
Lexmark	Cx310 Firmware	<= lw80.gm2.p245
Lexmark	Cx310	-
Lexmark	Cx317 Firmware	<= lw80.gm2.p245
Lexmark	Cx317	-
Lexmark	Cx410 Firmware	<= lw80.gm4.p245
Lexmark	Cx410	-

Related Weaknesses (CWE)

CWE-611

References

https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdfVendor Advisory
https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdfVendor Advisory

FAQ

What is CVE-2023-40239?

CVE-2023-40239 is a vulnerability with a CVSS score of 7.5 (HIGH). Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version spe...

How severe is CVE-2023-40239?

CVE-2023-40239 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-40239?

Check the references section above for vendor advisories and patch information. Affected products include: Lexmark C2132 Firmware, Lexmark C2132, Lexmark Cs310 Firmware, Lexmark Cs310, Lexmark Cs317 Firmware.