Assuring the printer state after the network is compromised by malware, virus, or ransomware attack
Assuring the printer state after the network is compromised by malware, virus, or ransomware attack
Initial setup menus apply insufficient permissions (CVE-2021-44736)
Initial setup menus apply insufficient permissions (CVE-2021-44736)
Initial setup menus apply insufficient permissions (CVE-2022-24935)
Initial setup menus apply insufficient permissions (CVE-2022-24935)
Embedded web server input sanitization vulnerability (CVE-2021-44734)
Embedded web server input sanitization vulnerability (CVE-2021-44734)
PJL directory traversal vulnerability (CVE-2021-44737)
PJL directory traversal vulnerability (CVE-2021-44737)
SpringShell (and/or Spring4Shell) vulnerabilities (CVE-2022-22965, CVE-2022-22963)
SpringShell (and/or Spring4Shell) vulnerabilities (CVE-2022-22965, CVE-2022-22963)
Embedded web server command injection vulnerability (CVE-2021-44735)
Embedded web server command injection vulnerability (CVE-2021-44735)
Assuring the printer state after the network is compromised by malware, virus, or ransomware attack
If a Lexmark printer has been exposed to a compromised or breached network (malware, virus, ransomware, etc.), this article shows you what you must do.
Issue description
If a Lexmark printer has been exposed to a compromised or breached network (malware, virus, ransomware, etc.), do the following steps to assure that the printer is in a trusted state.
Solution
- Disconnect the device from the network (both wired and wireless).
- Unplug the device, then wait for 30 seconds before plugging back into the main power to ensure that all volatile memory is cleared.
- Erase printer memory.To erase non‑volatile memory or individual settings, device and network settings, security settings, and embedded solutions, do the following:
- From the control panel, navigate to:Settings>Device>Maintenance>Out of Service Erase>Sanitize all information on non‑volatile memoryFor non‑touch screen printer models, pressOKto navigate through the settings.
- SelectStart initial setuporLeave printer offline.
- If the printer has a hard disk, erase the printer hard disk memory.
- From the control panel, navigate to:Settings>Device>Maintenance>Out of Service Erase>Sanitize all information on hard diskFor non‑touch screen printer models, pressOKto navigate through the settings.
- Depending on the printer model, selectERASEorContinue.
- Follow the instructions on the display.
This process can take several minutes to more than an hour, making the printer unavailable for other tasks. - Set up an admin account to restrict access to administrative functions from the network by doing any of the following:
- Follow the instructions in theRestricting public access to functions, applications, printer management, and security optionstopic in the Embedded Web Server (EWS) Administrator's Guide.
- Engage theSecure by defaultoption in the Initial Setup Wizard.
- Reconnect the device to the network.
- Reconfigure the device.
Feedback Submitted! Thank you for providing valuable feedback!