CVE-2020-10095
Published: 19 February 2025
Description
Various Lexmark devices have a CSRF vulnerability that allows an attacker to modify the configuration of the device.
Security Summary
CVE-2020-10095 is a Cross-Site Request Forgery (CSRF) vulnerability, mapped to CWE-352, affecting various Lexmark devices. Published on 2025-02-19, it enables an attacker to modify the configuration of the device. The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H), indicating high severity due to its potential for significant integrity and availability impacts.
A remote attacker requires no privileges and can exploit the issue over the network with low attack complexity, though exploitation requires user interaction, such as clicking a malicious link. Successful exploitation allows the attacker to alter device configurations, compromising integrity (high impact) and potentially disrupting availability (high impact), while confidentiality remains unaffected.
Lexmark provides mitigation guidance through its security advisories, accessible at http://support.lexmark.com/alerts/ and https://www.lexmark.com/en_us/solutions/security//lexmark-security-advisories.html. Security practitioners should consult these resources for patching instructions and configuration hardening recommendations specific to affected devices.
Details
- CWE(s)