CVE 2023 22960 Save

This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server (interface) of more than 60 Lexmark printer models. This issue affects both username-password and PIN authentication.

Project README

PoC for CVE-2023-22960

Details

PoC for CVE-2023-22960 that I discovered. This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server interface of all Lexmark printer models that have a firmware version released before 01/2023. This issue affects both username-password and PIN authentication.

Official security advisory -> https://publications.lexmark.com/publications/security-alerts/CVE-2023-22960.pdf

PoC tested against:

Lexmark MX622adhe
Lexmark CX735adse
Lexmark MX521ade

Video Presentation

In this video I demonstrate the issue as well as how to write an http(s) login bruteforce script with Python.
https://www.youtube.com/watch?v=HuAqTScr_3s

Preview

Without the brute-force prevention bypass:

Applying the brute-force prevention bypass:

Open Source Agenda is not affiliated with "CVE 2023 22960" Project. README Source: t3l3machus/CVE-2023-22960

Stars

Open Issues

Last Commit

11 months ago

Repository

t3l3machus/CVE-2023-22960

License

MIT

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/cve-2023-22960"><img src="https://www.opensourceagenda.com/projects/cve-2023-22960/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022