External risk intelligence

Lexmark MX6500 LW75.JD.P296 Incorrect Access Control Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.1)

CVE-2020-35546

This vulnerability affects a Lexmark printer/multifunction device. While network-reachable in office environments, these devices are typically deployed behind corporate firewalls or internal networks and are not intended to be directly exposed to the public internet in common deployments.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This advisory concerns a critical vulnerability found in Lexmark devices related to access control settings. The issue allows for improper access to these settings, which could have significant implications if exploited. The primary concern is to confirm if our Lexmark devices are affected and to what extent.

  • Improper access control in Lexmark devices.
  • Critical flaw affecting device settings and data.
  • Confirm relevance and exposure for Lexmark devices.

Attack Path

How an attacker could exploit the issue

An attacker could reach this Lexmark device over the network and bypass its access controls. By exploiting this weakness, an attacker could gain unauthorized access to sensitive information or modify device settings. The exact nature of what an attacker could achieve beyond unauthorized access is not detailed in the provided context.

  • Network access is required.
  • Bypasses access control settings.
  • Unauthorized access to information.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow unauthorized access to device settings and information when the device is accessible over a network. Specifically, improper access control could lead to unintended exposure or modification of device configurations.

  • Device configurations at risk.
  • Network access to settings.
  • Unauthorized configuration changes.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability impacts Lexmark MX6500 LW75.JD.P296 devices, likely managed by infrastructure or asset management teams. The immediate priority is to locate all instances of the affected technology, assess their reachability and business criticality, identify the accountable owner, and then formulate a remediation plan based on the identified risk.

  • Infrastructure and asset owners should address.
  • Verify device reachability and criticality.
  • Plan remediation based on risk assessment.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the Lexmark MX6500 series?

The Lexmark MX6500 is a multifunction printer device designed for office environments. These machines handle document management tasks such as printing, scanning, and copying, often acting as networked nodes within a business infrastructure to facilitate daily workflow and information processing.

How does CWE-284 relate to CVE-2020-35546?

CVE-2020-35546 is classified under CWE-284, which refers to Improper Access Control. This means the device fails to properly restrict who can interact with or change its settings. Instead of enforcing required permissions, the system allows unauthorized users to reach restricted configurations, potentially exposing sensitive information or changing how the printer operates.

Do I need to be on the local network to trigger this bug?

The vulnerability requires network connectivity to interact with the device's access control settings. While an attacker needs network access to reach the printer, simply having the device on a network is the trigger; it does not require a user to be physically present at the machine to perform unauthorized actions or modify its configuration.

Is my printer at risk if it is behind a firewall?

According to Halo Surface Signal, this vulnerability is considered unlikely to be exploited from the public internet. Because these printers are typically deployed behind corporate firewalls on internal networks, they are generally not directly exposed. However, the risk persists for any device that is inadvertently connected to the public internet or accessible via an unsecured network segment.

What steps should I take if I use these Lexmark devices?

First, identify all instances of the MX6500 within your organization. Once located, assess whether these devices are reachable from outside your internal network and determine their business importance. Coordinate with the relevant technology owners to verify the device status and establish a plan to manage the risk associated with these access control settings.

References