A critical server-side request forgery (SSRF) vulnerability affecting some Lexmark printers could be exploited to achieve arbitrary code execution. The issue lies in the Web Services feature of more than 120 Lexmark printer models. A firmware patch that addresses the flaw is available, and Lexmark suggests disabling Web Services on TCP port 65002 as a workaround.
- Make sure that you, or your printer service company if you’ve outsourced, are applying the firmware update. If you’re not using the WSD Print service (port 65002), then disable it, even after the update. No need to enable unused services.
Read more in: Lexmark Security Advisory (PDF)
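
One way to confirm the workaround took effect across a fleet, as an added example that is not from Lexmark's advisory or the original page: the script tries a TCP connection to port 65002 on each printer in your own inventory and reports where the service still answers. The function names and the hostnames passed on the command line are assumptions for illustration.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

WSD_PORT = 65002  # TCP port named in the summary above


def check_port(host, port=WSD_PORT, timeout=2.0):
    """Return 'open', 'closed', 'filtered' or 'error:<type>' for one host."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # listener still accepts: service not disabled
    except ConnectionRefusedError:
        return "closed"          # host refused the connection: nothing listening
    except socket.timeout:
        return "filtered"        # no answer: firewalled, or host is down
    except OSError as exc:
        return "error:" + exc.__class__.__name__   # DNS failure, no route, ...


def audit(hosts, port=WSD_PORT, timeout=2.0, workers=32):
    """Check every host in parallel and return {host: state}."""
    hosts = list(hosts)
    if not hosts:
        return {}
    with ThreadPoolExecutor(max_workers=min(workers, len(hosts))) as pool:
        states = pool.map(lambda h: check_port(h, port, timeout), hosts)
        return dict(zip(hosts, states))


def still_exposed(results):
    """Hosts where the port accepted a connection, sorted for reporting."""
    return sorted(h for h, s in results.items() if s == "open")


if __name__ == "__main__":
    # Usage (hypothetical file name): python audit_wsd.py printer1 printer2 ...
    results = audit(sys.argv[1:])
    for host, state in sorted(results.items()):
        print(f"{host}\t{WSD_PORT}/tcp\t{state}")
    # Non-zero exit lets a scheduled job alert when any printer still answers.
    sys.exit(1 if still_exposed(results) else 0)
```

A `closed` or `filtered` result only describes reachability from the machine running the check; it says nothing about the firmware level, which still has to be verified separately.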