## https://sploitus.com/exploit?id=C1BC55C1-525A-529B-ADAF-CBD212D4DE5C
# PoC for CVE-2023-22960
[![Python](https://img.shields.io/badge/Python-%E2%89%A5%203.6-yellow.svg)](https://www.python.org/)
<img src="https://img.shields.io/badge/Developed%20on-kali%20linux-blueviolet">
[![License](https://img.shields.io/badge/license-MIT-red.svg)](https://github.com/t3l3machus/CVE-2023-22960/blob/main/LICENSE)
## Details
PoC for CVE-2023-22960 that I discovered. This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server interface of all Lexmark printer models that have a firmware version released before 01/2023. This issue affects both username-password and PIN authentication.
**Official security advisory** -> https://publications.lexmark.com/publications/security-alerts/CVE-2023-22960.pdf
**PoC tested against**:
- Lexmark MX622adhe
- Lexmark CX735adse
- Lexmark MX521ade
#### Video Presentation
In this video I demonstrate the issue as well as how to write an http(s) login bruteforce script with Python.
https://www.youtube.com/watch?v=HuAqTScr_3s
## Preview
Without the brute-force prevention bypass:
![image](https://user-images.githubusercontent.com/75489922/214288009-d0cda79b-e604-478a-9bbc-39175c20a6ab.png)
Applying the brute-force prevention bypass:
![image](https://user-images.githubusercontent.com/75489922/214286428-fb2cc7b3-9c58-4aed-a343-2d66610ca407.png)