CVE-2023-40239

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-40239
Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdf Vendor Advisory
https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:lexmark:c2132_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:c2132:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:lexmark:cs310_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs310:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:lexmark:cs317_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs317:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:lexmark:cs410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs410:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:lexmark:cs417_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs417:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:lexmark:cs510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs510:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:lexmark:cs517_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs517:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:lexmark:cx310_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx310:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:lexmark:cx317_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx317:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:lexmark:cx410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx410:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:lexmark:cx417_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx417:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:lexmark:cx510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx510:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:lexmark:cx517_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx517:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:lexmark:m1140\+_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:m1140\+:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:lexmark:m1140_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:m1140:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:lexmark:m1145_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:m1145:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:lexmark:m3150de_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:m3150de:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:lexmark:m3150dn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:m3150dn:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:lexmark:m5155_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:m5155:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:lexmark:m5163de_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:m5163de:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:lexmark:m5163dn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:m5163dn:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:lexmark:m5170_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:m5170:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:lexmark:ms310_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms310:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:lexmark:ms312_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms312:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:lexmark:ms315_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms315:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:lexmark:ms317_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms317:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:lexmark:ms410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms410:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:lexmark:ms415_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms415:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:lexmark:ms417_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms417:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:lexmark:ms510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms510:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:lexmark:ms517_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms517:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:lexmark:ms610de_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms610de:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:lexmark:ms610dn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms610dn:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:lexmark:ms617_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms617:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:lexmark:ms710_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms710:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:lexmark:ms711_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms711:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
cpe:2.3:o:lexmark:ms810de_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms810de:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND
cpe:2.3:o:lexmark:ms810dn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms810dn:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND
cpe:2.3:o:lexmark:ms811_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms811:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND
cpe:2.3:o:lexmark:ms812de_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms812de:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND
cpe:2.3:o:lexmark:ms812dn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms812dn:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND
cpe:2.3:o:lexmark:ms817_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms817:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND
cpe:2.3:o:lexmark:ms818_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms818:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND
cpe:2.3:o:lexmark:ms911_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms911:-:*:*:*:*:*:*:*

Configuration 45 (hide)

AND
cpe:2.3:o:lexmark:mx310_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx310:-:*:*:*:*:*:*:*

Configuration 46 (hide)

AND
cpe:2.3:o:lexmark:mx317_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx317:-:*:*:*:*:*:*:*

Configuration 47 (hide)

AND
cpe:2.3:o:lexmark:mx410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx410:-:*:*:*:*:*:*:*

Configuration 48 (hide)

AND
cpe:2.3:o:lexmark:mx417_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx417:-:*:*:*:*:*:*:*

Configuration 49 (hide)

AND
cpe:2.3:o:lexmark:mx510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx510:-:*:*:*:*:*:*:*

Configuration 50 (hide)

AND
cpe:2.3:o:lexmark:mx511_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx511:-:*:*:*:*:*:*:*

Configuration 51 (hide)

AND
cpe:2.3:o:lexmark:mx517_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx517:-:*:*:*:*:*:*:*

Configuration 52 (hide)

AND
cpe:2.3:o:lexmark:mx610_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx610:-:*:*:*:*:*:*:*

Configuration 53 (hide)

AND
cpe:2.3:o:lexmark:mx611_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx611:-:*:*:*:*:*:*:*

Configuration 54 (hide)

AND
cpe:2.3:o:lexmark:mx617_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx617:-:*:*:*:*:*:*:*

Configuration 55 (hide)

AND
cpe:2.3:o:lexmark:mx710_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx710:-:*:*:*:*:*:*:*

Configuration 56 (hide)

AND
cpe:2.3:o:lexmark:mx711_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx711:-:*:*:*:*:*:*:*

Configuration 57 (hide)

AND
cpe:2.3:o:lexmark:mx717_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx717:-:*:*:*:*:*:*:*

Configuration 58 (hide)

AND
cpe:2.3:o:lexmark:mx718_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx718:-:*:*:*:*:*:*:*

Configuration 59 (hide)

AND
cpe:2.3:o:lexmark:mx810_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx810:-:*:*:*:*:*:*:*

Configuration 60 (hide)

AND
cpe:2.3:o:lexmark:mx811_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx811:-:*:*:*:*:*:*:*

Configuration 61 (hide)

AND
cpe:2.3:o:lexmark:mx812_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx812:-:*:*:*:*:*:*:*

Configuration 62 (hide)

AND
cpe:2.3:o:lexmark:mx910_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx910:-:*:*:*:*:*:*:*

Configuration 63 (hide)

AND
cpe:2.3:o:lexmark:mx911_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx911:-:*:*:*:*:*:*:*

Configuration 64 (hide)

AND
cpe:2.3:o:lexmark:mx912_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx912:-:*:*:*:*:*:*:*

Configuration 65 (hide)

AND
cpe:2.3:o:lexmark:xc2130_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc2130:-:*:*:*:*:*:*:*

Configuration 66 (hide)

AND
cpe:2.3:o:lexmark:xc2132_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc2132:-:*:*:*:*:*:*:*

Configuration 67 (hide)

AND
cpe:2.3:o:lexmark:xm1135_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm1135:-:*:*:*:*:*:*:*

Configuration 68 (hide)

AND
cpe:2.3:o:lexmark:xm1140_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm1140:-:*:*:*:*:*:*:*

Configuration 69 (hide)

AND
cpe:2.3:o:lexmark:xm1145_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm1145:-:*:*:*:*:*:*:*

Configuration 70 (hide)

AND
cpe:2.3:o:lexmark:xm3150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm3150:-:*:*:*:*:*:*:*

Configuration 71 (hide)

AND
cpe:2.3:o:lexmark:xm5163_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm5163:-:*:*:*:*:*:*:*

Configuration 72 (hide)

AND
cpe:2.3:o:lexmark:xm5170_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm5170:-:*:*:*:*:*:*:*

Configuration 73 (hide)

AND
cpe:2.3:o:lexmark:xm5263_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm5263:-:*:*:*:*:*:*:*

Configuration 74 (hide)

AND
cpe:2.3:o:lexmark:xm5270_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm5270:-:*:*:*:*:*:*:*

Configuration 75 (hide)

AND
cpe:2.3:o:lexmark:xm7155_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm7155:-:*:*:*:*:*:*:*

Configuration 76 (hide)

AND
cpe:2.3:o:lexmark:xm7163_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm7163:-:*:*:*:*:*:*:*

Configuration 77 (hide)

AND
cpe:2.3:o:lexmark:xm7170_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm7170:-:*:*:*:*:*:*:*

Configuration 78 (hide)

AND
cpe:2.3:o:lexmark:xm7263_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm7263:-:*:*:*:*:*:*:*

Configuration 79 (hide)

AND
cpe:2.3:o:lexmark:xm7270_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm7270:-:*:*:*:*:*:*:*

Configuration 80 (hide)

AND
cpe:2.3:o:lexmark:xm9145_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm9145:-:*:*:*:*:*:*:*

Configuration 81 (hide)

AND
cpe:2.3:o:lexmark:xm9155_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm9155:-:*:*:*:*:*:*:*

Configuration 82 (hide)

AND
cpe:2.3:o:lexmark:xm9165_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm9165:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:19

Type Values Removed Values Added
New CVE
Information

Published : 2023-09-01 11:15

Updated : 2024-11-21 08:19

NVD link : CVE-2023-40239

Mitre link : CVE-2023-40239

CVE.ORG link : CVE-2023-40239

JSON object : View

Products Affected

lexmark

  • cs417
  • ms317_firmware
  • ms517
  • mx718_firmware
  • mx410
  • mx610_firmware
  • m5170_firmware
  • ms810dn_firmware
  • xm5263_firmware
  • cs510_firmware
  • ms510
  • mx811_firmware
  • cx517
  • xm7270_firmware
  • mx310_firmware
  • mx910_firmware
  • mx317_firmware
  • mx717_firmware
  • ms810dn
  • mx710_firmware
  • mx711
  • xm5263
  • cx310_firmware
  • m5163de
  • ms812dn
  • ms810de_firmware
  • cs510
  • ms811_firmware
  • cs310
  • ms812de
  • ms310
  • mx511
  • ms617
  • ms610de_firmware
  • mx510_firmware
  • mx910
  • xm5270
  • ms711
  • mx310
  • mx617
  • xm7163_firmware
  • mx912
  • xc2132_firmware
  • xm1140
  • ms610de
  • ms711_firmware
  • ms315
  • ms810de
  • xm9145
  • cs410_firmware
  • ms312
  • xm3150
  • m5163dn
  • ms610dn_firmware
  • cs310_firmware
  • mx610
  • xm7155_firmware
  • mx510
  • xm1145_firmware
  • cx417
  • xm5163_firmware
  • cs317
  • mx711_firmware
  • xc2130_firmware
  • mx410_firmware
  • ms415_firmware
  • mx911
  • ms415
  • xm5170
  • m1140
  • mx810_firmware
  • cx510
  • ms312_firmware
  • ms410
  • c2132_firmware
  • cx410_firmware
  • xm7263
  • ms911
  • xm7170
  • cx410
  • ms911_firmware
  • xc2132
  • xm1145
  • mx811
  • xm7170_firmware
  • ms818
  • xm7263_firmware
  • ms710_firmware
  • xm5163
  • cs417_firmware
  • m1145_firmware
  • mx812
  • xm1135_firmware
  • m1140\+_firmware
  • mx718
  • mx812_firmware
  • mx511_firmware
  • xm9165
  • xm9165_firmware
  • m3150dn_firmware
  • ms517_firmware
  • m5155
  • cs317_firmware
  • cx317
  • m1145
  • ms410_firmware
  • m3150dn
  • cs517_firmware
  • cx517_firmware
  • cx317_firmware
  • xm1135
  • cx310
  • ms417
  • ms417_firmware
  • mx417_firmware
  • m3150de_firmware
  • cx417_firmware
  • mx912_firmware
  • m5163de_firmware
  • ms617_firmware
  • mx317
  • mx717
  • mx617_firmware
  • xm9155_firmware
  • xm7270
  • m1140_firmware
  • cs517
  • ms812dn_firmware
  • xm9155
  • ms818_firmware
  • m3150de
  • mx517_firmware
  • mx810
  • ms310_firmware
  • mx517
  • xm1140_firmware
  • mx611
  • xm3150_firmware
  • ms811
  • ms817_firmware
  • ms317
  • ms510_firmware
  • ms812de_firmware
  • mx417
  • xc2130
  • xm9145_firmware
  • m5170
  • ms610dn
  • xm7155
  • mx911_firmware
  • ms817
  • ms710
  • m1140\+
  • cx510_firmware
  • ms315_firmware
  • xm5270_firmware
  • mx611_firmware
  • m5155_firmware
  • xm5170_firmware
  • xm7163
  • cs410
  • c2132
  • mx710
  • m5163dn_firmware
CWE
CWE-611

Improper Restriction of XML External Entity Reference