CVE-2023-50738

EPSS 0.02%
Veröffentlicht 17.01.2025 21:15:09
Zuletzt bearbeitet 17.01.2025 22:15:28
Quelle 7bc73191-a2b6-4c63-9918-753964
CVE-Watchlists
Login
Unerledigt
Login

A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to 
override this downgrade protection has been identified.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLexmark

≫

Produkt Printer Firmware

Default Statusunaffected

Version <= 230.041

Version 0

Status affected

Version <= 230.086

Version 230.075

Status affected

Version <= 230.104

Version 230.100

Status affected

Version <= 230.209

Version 230.200

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.029

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
7bc73191-a2b6-4c63-9918-753964601853	4.3	0.9	3.4	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CWE-1328 Security Version Number Mutable to Older Versions

Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.

CWE-354 Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html

https://nvd.nist.gov/vuln/detail/CVE-2023-50738

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50738

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50738

EUVD