
This is how I got my first CVE!

Hey guys,

In November 2019, I was looking for a Security Vulnerability for my project in Cyber Security for my Master’s Degree. After a while, I decided to ask my boss if I could test the Lexmark Printer MS812 connected to the network of the company and he agreed.

After spending some time getting to know the Printer’s Control Panel features, I found a spot in which it’s possible to upload a CA Certificate to the printer. And that’s where my journey begins!

Here we go :D

POC:

I decided to create a simple CA Certificate with two XSS payloads as OrganizationName and CommonName.

After creating the CA Certificate, I tried to upload it to the Printer’s Control Panel to check its behavior.

The “malicious” certificate was successfully loaded.

By clicking on the Certificate, it happened…BOOM!
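Added example (not from the original post and not Lexmark's code): a minimal sketch of the rendering flaw this PoC relies on, next to the fix. It assumes the certificate's subject fields have already been parsed into a dict; the field values, the allow-list pattern and all function names are constructed for illustration.

```python
import html
import re

# Constructed sample: subject fields as an X.509 parser would return them.
# The values carry harmless markup standing in for the script payloads.
SUBJECT = {
    "commonName": "<b>cn-markup</b>",
    "organizationName": "<i>org-markup</i>",
    "countryName": "PT",
}

# Hypothetical allow-list for display names; tune to the CA naming policy.
SAFE_VALUE = re.compile(r"^[\w .,'()@:/+-]{1,64}$")


def render_vulnerable(subject):
    """Before: parsed certificate fields are concatenated into HTML as-is."""
    rows = "".join(f"<tr><td>{k}</td><td>{v}</td></tr>" for k, v in subject.items())
    return f"<table>{rows}</table>"


def render_safe(subject):
    """After: every field is HTML-escaped at the point of output."""
    rows = "".join(
        f"<tr><td>{html.escape(k)}</td><td>{html.escape(v, quote=True)}</td></tr>"
        for k, v in subject.items()
    )
    return f"<table>{rows}</table>"


def rejected_fields(subject):
    """Upload-time check: names of fields that fail the allow-list."""
    return sorted(k for k, v in subject.items() if not SAFE_VALUE.fullmatch(v))


if __name__ == "__main__":
    print(render_vulnerable(SUBJECT))
    print(render_safe(SUBJECT))
    print(rejected_fields(SUBJECT))
```

Escaping at output is the actual fix; the upload-time allow-list is defense in depth, since stored values may later be rendered by other pages or exports.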

After doing the tests and confirming the vulnerability, I reached Lexmark to tell them about it.

  • 1st attempt to contact Lexmark: 23/10/2019 (I got no answer after more than 7 business days)

Because I got no answer and following MITRE guidelines, I decided to reserve the CVE. Then, I tried to reach them again.

  • 2nd attempt to contact Lexmark: 13/11/2019. I got an answer from the Security Engineer and sent him the PoC.
  • 14/11/2019. They confirmed the vulnerability.
  • 05/12/2019. They sent me a Beta Patch to check if the vulnerability was fixed.
  • 05/02/2020. They published the Security Advisory! YAY! \o/

And that’s how I got my first CVE!

Security Advisory: http://support.lexmark.com/index?page=content&id=TE933&modifiedDate=02/04/20&actp=LIST_RECENT&userlocale=EN_US&locale=en

Thank you, Lexmark for your support!

David de Paula Santos
Stored Cross Site Scripting CVE-2019-18791

Founder CyberX Portugal | Cyber Security Specialist | HTB CPTS | HTB CBBH | OSCP | CYSA+ | Pentest+