US English (US)
AU English (AUS)
Log a Support Call RBC Website
English (AUS)
US English (US)
AU English (AUS)
  • Home
  • Security

Lexmark Apache Log4j Vulnerabilities

Contact Us


Can't find what you're looking for?

Log a Support Call
  • HP
    HP Print HP Copy HP Scan HP Fax HP Apps HP Meters HP Other
  • Lexmark
    Lexmark Print Lexmark Copy Lexmark Scans Lexmark Fax Lexmark Meters Lexmark Other
  • Ricoh
    Ricoh Print Ricoh Copy Ricoh Scan Ricoh Fax Ricoh Meters Ricoh Other
  • DaaS
  • docs2me
  • ip2me
  • COVID-19
  • Recycling and Sustainability
  • Printer Monitoring
  • eMeters
  • Security
+ More

The below information is from Lexmark in regards to the Apache Log4j exploit:


Issue Description:

The Apache Log4j utility is an open-source Apache framework that is a commonly used component for logging requests. On December 9, 2021, a vulnerability was reported that could allow a system running Apache Log4j version 2.15 or below to be compromised and allow an attacker to execute arbitrary code on the vulnerable server.

On December 10th, 2021, NIST (National Institute of Standards and Technology) published a critical CVE (Common Vulnerabilities and Exposures) in the National Vulnerability Database identifying this as CVE-2021-44228. The official CVSS (Common Vulnerability Scoring System) base severity score has been determined as a severity of 10. The latest guidance from the Apache Software Foundation is to upgrade to 2.17. The latest CVE and guidance from the Apache Software Foundation is available here: https://nvd.nist.gov/vuln/detail/CVE-2021-45105 and https://logging.apache.org/log4j/2.x/security.html 

 

Explanation:

Lexmark development teams have assessed Lexmark solutions and are now actively implementing remediation plans for the Log4j vulnerability on any Lexmark solutions impacted. We share your sense of urgency and are working diligently to incorporate the necessary solutions to address the issue.

The document below lists Lexmark products that may be impacted by the Log4j vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105). Any product that is not listed in this table is still under review for impact. This table will be revised as new information is available.

Last Update: 12/23/2021

 

Product Impacted (Yes/No) Remedy Status Upgrade Path
Hardcopy Printers and MFPs No N/A No further action needed N/A
Publishing Platform for Retail No N/A No further action needed N/A
LCS Fleet Agent v1.2.46 Yes Yes LCS Notifications

LCS New and Changed Functionality
See instructions in the status section
LCS Printer Enrollment Tool 2.7.0-2 Yes Yes LCS Notifications

LCS New and Changed Functionality
See instructions in the status section
MVE (Markvision Enterprise) Yes MVE 4.1.1 or above Lexmark Markvision Enterprise (homepage) Customer Installer
LFT/LRAM Yes Yes Update Available Customer Installer
LDCM (Lexmark Data Collection Manager) Yes Yes Workaround Available Tech Ops Engagement
LRMe (Lexmark Remote Management Extension) Yes Yes Update Available Tech Ops Engagement
LDD (Lexmark Document Distributor) Yes Yes Workaround Available NA - SD&I – Contact TPM
Other Geos – Contact Lexmark Technical Support
LPM (Lexmark Print Management) Yes Yes Workaround Available NA - SD&I – Contact TPM
Other Geos – Contact Lexmark Technical Support
DDU (Device Deployment Utility) Yes DDU 2.12 or above Lexmark Device Deployment Utility (support site) Customer Installer
VSC (Virtual Solution Center) Yes EOL - January 28, 2022 Customers will be required to use CFM or Package Builder Use CFM or Package Builder


Need more information?

Log a Support Call

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Windows Print Spooler Vulnerability
  • HP Exploit Apache Log4J
  • Ricoh Apache Log4j Vulnerability
  • Log4j Papercut Vulnerability


See our Privacy Policy

1300 857 164     CONTACT US

Brisbane

RBC Group Brisbane

1 Mayneview Street
Milton QLD 4064

PO Box 199
Paddington QLD 4064

Gold Coast

RBC Group Gold Coast

1/22 Harvest Court
Southport QLD 4215

PO Box 4
Ashmore City LPO
Ashmore QLD 4214

Melbourne

RBC Group Melbourne

Unit 1, 20-22 Gardiners Rd
Notting Hill VIC 3168

Sydney

Interactive Australia

Tower B
39 Herbert St
St Leonards NSW 2065


Knowledge Base Software powered by Helpjuice

Definition by Author

0
0
Expand