
CVE-2023-23560: Lexmark B2236 Firmware SSRF Vulnerability

CVE-2023-23560 is a server-side request forgery flaw in Lexmark B2236 Firmware caused by insufficient input validation. Attackers can exploit this to make unauthorized requests. This article covers technical details, affected versions, impact, and mitigation strategies.

Published: February 11, 2026

CVE-2023-23560 Overview

CVE-2023-23560 is a Server-Side Request Forgery (SSRF) vulnerability affecting numerous Lexmark printer products. The flaw exists due to insufficient input validation in the printer firmware, allowing remote attackers to make arbitrary server-side requests. This vulnerability enables unauthenticated attackers to access internal network resources, potentially leading to data exfiltration, internal service enumeration, or further exploitation of backend systems accessible from the compromised printer.

Critical Impact

Unauthenticated remote attackers can exploit this SSRF vulnerability to access internal network resources, bypass security controls, and potentially pivot to attack other systems on the network. The vulnerability requires no user interaction and can be exploited over the network.

Affected Products

  • Lexmark B Series Printers (B2236, B2338, B2442, B2546, B2650, B2865, B3340, B3442)
  • Lexmark C Series Color Printers (C2240, C2325, C2326, C2425, C2535, C3224, C3326, C3426, C4150, C6160, C9235)
  • Lexmark CS Series Color Printers (CS331, CS421, CS431, CS439, CS521, CS622, CS720, CS725, CS727, CS728, CS820, CS827, CS921, CS923, CS927)
  • Lexmark CX Series Multifunction Printers (CX331, CX421, CX431, CX522, CX622, CX625, CX725, CX727, CX820, CX825, CX860, CX920, CX921, CX922, CX923, CX924, CX944)
  • Lexmark M Series Printers (M1242, M1246, M1342, M3250, M5255, M5270)
  • Lexmark MB/MC Series Multifunction Printers (MB2236, MB2338, MB2442, MB2546, MB2650, MB2770, MB3442, MC2325, MC2425, MC2535, MC2640, MC3224, MC3326, MC3426)
  • Lexmark MS Series Monochrome Printers (MS321, MS331, MS421, MS431, MS521, MS621, MS622, MS725, MS821, MS822, MS823, MS825, MS826)
  • Lexmark MX Series Multifunction Printers (MX321, MX331, MX421, MX431, MX432, MX521, MX522, MX622, MX721, MX722, MX822, MX826, MX931)
  • Lexmark XC Series Multifunction Printers (XC2235, XC2326, XC4140, XC4143, XC4150, XC4153, XC4240, XC4342, XC4352, XC6152, XC6153, XC8155, XC8160, XC8163, XC9225, XC9235, XC9245, XC9255, XC9265, XC9335, XC9445, XC9455, XC9465)
  • Lexmark XM Series Multifunction Printers (XM1242, XM1246, XM1342, XM3142, XM3250, XM5365, XM7355, XM7370)

Discovery Timeline

  • 2023-01-23 - CVE-2023-23560 published to NVD
  • 2025-04-02 - Last updated in NVD database

Technical Details for CVE-2023-23560

Vulnerability Analysis

This Server-Side Request Forgery (SSRF) vulnerability in Lexmark printer firmware allows attackers to induce the printer to make HTTP requests to arbitrary destinations. The vulnerability is classified under CWE-918 (Server-Side Request Forgery) and CWE-20 (Improper Input Validation).

The flaw enables remote attackers without any authentication or privileges to send specially crafted requests to the printer's web interface, causing the device to make outbound connections to attacker-specified URLs or internal network addresses. This can be leveraged to scan internal networks, access cloud metadata services, interact with internal APIs, or bypass firewall restrictions that would otherwise block direct external access to internal resources.

Network-connected printers are often overlooked in security assessments but frequently have privileged access to internal network segments. Successful exploitation could allow attackers to map internal infrastructure, access sensitive services, or use the printer as a pivot point for lateral movement.

Root Cause

The root cause of CVE-2023-23560 is the lack of proper input validation in the Lexmark printer firmware. User-supplied data that specifies URLs or network destinations is not adequately sanitized or restricted before being used in server-side HTTP requests. This allows attackers to control the destination of outbound requests made by the printer, enabling SSRF attacks against internal or external targets.

Attack Vector

The attack is network-based and requires no authentication or user interaction. An attacker with network access to a vulnerable Lexmark printer can send malicious requests to the device's web interface. The printer firmware processes these requests without properly validating the target URL parameters, allowing the attacker to:

  1. Access internal network services that are not directly accessible from external networks
  2. Scan internal IP ranges and ports to enumerate available services
  3. Access cloud instance metadata services (e.g., AWS metadata at 169.254.169.254)
  4. Interact with internal REST APIs or management interfaces
  5. Potentially exfiltrate sensitive data through the printer's network connection

The attack does not require the attacker to have any prior privileges or credentials on the target printer, making it particularly dangerous in environments where printers are exposed to untrusted network segments.

Detection Methods for CVE-2023-23560

Indicators of Compromise

  • Unusual outbound network connections from Lexmark printers to internal services or unexpected external destinations
  • HTTP requests from printer IP addresses to cloud metadata endpoints (e.g., 169.254.169.254)
  • Anomalous traffic patterns showing the printer initiating connections to internal servers it normally wouldn't communicate with
  • Web server logs on internal systems showing requests originating from printer IP addresses

Detection Strategies

  • Monitor network traffic from printer devices for unusual outbound connection attempts, especially to internal IP ranges or cloud metadata services
  • Implement network segmentation and firewall rules that restrict printer outbound connections, then alert on policy violations
  • Review printer web interface access logs for suspicious request patterns or access from unexpected source IPs
  • Deploy network detection signatures for SSRF attack patterns targeting printer management interfaces

Monitoring Recommendations

  • Enable logging on Lexmark printers if available and forward logs to a centralized SIEM for analysis
  • Configure network monitoring to baseline normal printer communication patterns and alert on deviations
  • Implement egress filtering on network segments containing printers and monitor for blocked connection attempts
  • Regularly audit network traffic from IoT and printer devices as part of security monitoring practices

How to Mitigate CVE-2023-23560

Immediate Actions Required

  • Apply Lexmark's security patch immediately to all affected printer models
  • Isolate vulnerable printers on a dedicated network segment with restricted outbound access until patching is complete
  • Implement firewall rules to block outbound connections from printers to sensitive internal services and cloud metadata endpoints
  • Review network logs for any indicators of prior exploitation attempts

Patch Information

Lexmark has released firmware updates to address this vulnerability. Organizations should download and apply the latest firmware from the Lexmark Security Advisory or the Lexmark Support Alerts page. The security advisory provides specific firmware version information for each affected printer model series.

Workarounds

  • Implement network segmentation to isolate printers from sensitive internal resources and restrict their ability to initiate outbound connections
  • Configure firewall rules to limit printer network access to only necessary services (print servers, firmware update servers)
  • Disable unnecessary web services and remote management features on printers until patches can be applied
  • Block printer access to the cloud metadata address (169.254.169.254) and internal management networks
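
```bash
# Example firewall rules to restrict printer network access (iptables)
# Replace PRINTER_IP, PRINT_SERVER_IP and DNS_SERVER_IP with the actual addresses.
# iptables evaluates rules in order, so the ACCEPT rules must precede the DROP
# rules; otherwise a print server or DNS server inside 10.0.0.0/8 is blocked.

# Allow replies on connections other hosts opened to the printer (e.g. print jobs)
iptables -A FORWARD -s PRINTER_IP -m conntrack --ctstate ESTABLISHED -j ACCEPT

# Allow only necessary outbound connections (DNS, print server)
iptables -A FORWARD -s PRINTER_IP -d PRINT_SERVER_IP -p tcp --dport 9100 -j ACCEPT
iptables -A FORWARD -s PRINTER_IP -d DNS_SERVER_IP -p udp --dport 53 -j ACCEPT

# Block access to cloud metadata service
iptables -A FORWARD -s PRINTER_IP -d 169.254.169.254 -j DROP

# Block access to internal management network (example: 10.0.0.0/8)
iptables -A FORWARD -s PRINTER_IP -d 10.0.0.0/8 -j DROP

# Drop all other outbound traffic from printer
iptables -A FORWARD -s PRINTER_IP -j DROP
```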

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: SSRF
  • Vendor/Tech: Lexmark
  • Severity: CRITICAL
  • CVSS Score: 9.8
  • EPSS Probability: 1.45%
  • Known Exploited: No

CVSS Vector

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Assessment

  • Confidentiality: Low
  • Integrity: None
  • Availability: High

CWE References

  • CWE-918
  • CWE-20

Vendor Resources

  • Lexmark Security Alert CVE-2023-23560
  • Lexmark Support Alerts Page

Related CVEs

  • CVE-2025-65080: Lexmark Postscript Interpreter RCE Flaw
  • CVE-2025-65079: Lexmark PostScript Buffer Overflow Flaw
  • CVE-2025-65081: Lexmark Postscript RCE Vulnerability
  • CVE-2025-65078: Lexmark Embedded Solutions RCE Flaw