Lexmark Security Advisory: Babuk2 Incident Notice March 11, 2025

On March 11, 2025, the Babuk2 threat actor group claimed on its dark web leak site to have executed a ransomware attack against Lexmark. Lexmark’s cybersecurity team promptly initiated an investigation into this claim.

As of March 14, 2025, we have found no evidence to support the presence of ransomware in our environment.

Embedded Web Server Path Traversal and Concurrent Execution vulnerabilities (CVE-2024-11348)

A combined Path Traversal and Concurrent Execution vulnerability exists within the embedded web server in various Lexmark devices.

Postscript integer overflow vulnerability (CVE-2024-11347)

An integer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript type confusion vulnerability (CVE-2024-11346)

A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript heap-based memory vulnerability (CVE-2024-11345)

A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript type confusion vulnerability (CVE-2024-11344)

A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Reliance on Untrusted Inputs vulnerability in the Lexmark Print Management Client (CVE-2025-1126)

A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client.

A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices (CVE-2023-50733)
A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices.

Buffer Overflow Vulnerability (CVE-2023-50739)
A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices.

Firmware Downgrade Prevention Vulnerability (CVE-2023-50738)
A firmware downgrade prevention vulnerability has been identified in newer Lexmark devices.

Postscript Buffer Overflow (CVE-2023-50734)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript Heap Corruption (CVE-2023-50735)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript Memory Corruption (CVE-2023-50736)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Input Validation Vulnerability (CVE-2023-50737)
An input validation vulnerability in the SE Menu has been identified in Lexmark devices.

XML external entity vulnerability (CVE-2023-40239)
An XML external entity (XXE) vulnerability exists in older Lexmark devices.

Postscript Buffer Overflow (type confusion) (CVE-2023-26063)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript Buffer Overflow (out of bounds write) (CVE-2023-26064)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript Buffer Overflow (integer overflow) (CVE-2023-26065)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript Buffer Overflow (improper stack validation) (CVE-2023-26066)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Input validation vulnerability (CVE-2023-26067)
An input validation vulnerability allows an attacker who has already compromised an affected Lexmark device to escalate privileges.

Embedded Web Server input sanitization vulnerability (CVE-2023-26068)
The embedded web server fails to properly sanitize input data which can lead to remote code execution.

Web API input validation vulnerability (CVE-2023-26069)
A web API input validation vulnerability exists in newer Lexmark devices.

SNMP input validation vulnerability (CVE-2023-26070)
An input validation vulnerability exists in SNMP in various Lexmark devices.

Account Lockout bypass (CVE-2023-22960)
This vulnerability allows an attacker to bypass protections on the device that protect local accounts against brute-force guessing attacks.

Server Side Request Forgery (CVE-2023-23560)
A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices.

jQuery vulnerability (CVE-2019-11358)
jQuery contains a vulnerability that can lead to a denial of service, remote code execution, or property injection.

Compromised device remains vulnerable after firmware update (CVE-2022-29850)
An attacker who has already compromised an affected Lexmark device can maintain persistence across reboots.

SpringShell (and/or Spring4Shell) vulnerabilities (CVE-2022-22965, CVE-2022-22963)
Lexmark hardware and software products are not impacted by the SpringShell vulnerability.

Initial setup menus apply insufficient permissions (CVE-2022-24935)
The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the “Firmware Updates” feature.

Postscript Buffer overflow (CVE-2021-44738)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

PJL directory traversal vulnerability (CVE-2021-44737)
Various Lexmark devices have a directory traversal vulnerability that can be leveraged to overwrite internal configuration files.

Initial setup menus apply insufficient permissions (CVE-2021-44736)
The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the “out of service erase” feature.

Embedded web server command injection vulnerability (CVE-2021-44735)
The embedded web server in various Lexmark devices contains a command injection vulnerability.

Embedded web server input sanitization vulnerability (CVE-2021-44734)
The embedded web server in Lexmark devices fails to properly sanitize input data which can lead to remote code execution on the device.

Apache Log4j Vulnerabilities (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105)
This document lists Lexmark products that may be impacted by the Log4j vulnerability. Any product not listed is still under review for impact.

Lexmark Security Advisory: Local Escalation of Privilege in the Lexmark Universal Print Driver (CVE-2021-35449)
The Lexmark Universal Print Driver contains a local escalation of privilege vulnerability.

Lexmark Security Advisory: Unquoted Service Path in Lexmark Printer Software G2, G3 and G4 Installation Packages (CVE-2021-35469)
The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.

Lexmark Security Advisory: Security jumper race condition in the MX6500 (CVE-2020-35546)
The access control settings on an MX6500 may reset during a power on or reboot.

Lexmark Security Advisory: Wifi Chip Driver Vulnerability (CVE-2019-14816)
A vulnerability was found in the WiFi chip driver used in Lexmark devices.

Lexmark Security Advisory: Cross Site Request Forgery Vulnerability (CVE-2020-13481)
A stored cross site scripting vulnerability has been identified in Lexmark devices.

Lexmark Security Advisory: Cross Site Request Forgery Vulnerability (CVE-2020-10095)
The embedded web server in Lexmark devices contains a cross site request forgery vulnerability that allows device configuration to be altered without authorization.

Lexmark Security Advisory: TLS Protocol Vulnerability (CVE-2019-1559)
A TLS padding oracle vulnerability exists in Lexmark devices.

Lexmark Security Advisory: Stored Cross Site Scripting Vulnerabilities (CVE-2020-10093, CVE-2020-10094)
A couple of stored cross site scripting vulnerabilities have been identified on older Lexmark devices.