4.3
CVE-2023-50738
- EPSS 0.27%
- Published 17.01.2025 21:15:09
- Last modified 15.04.2026 00:35:42
- Source 7bc73191-a2b6-4c63-9918-753964
A firmware downgrade prevention vulnerability has been identified in newer Lexmark devices.
A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Lexmark
Product: Printer Firmware
Default status: unaffected
| Version | Version <= | Status |
|---|---|---|
| 0 | 230.041 | affected |
| 230.075 | 230.086 | affected |
| 230.100 | 230.104 | affected |
| 230.200 | 230.209 | affected |
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.181 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 7bc73191-a2b6-4c63-9918-753964601853 | 4.3 | 0.9 | 3.4 | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
CWE-1328 Security Version Number Mutable to Older Versions
Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.
CWE-354 Improper Validation of Integrity Check Value
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html