CVE-2020-35546

CVE-2020-35546 is an Incorrect Access Control vulnerability (CWE-284) affecting Lexmark MX6500 LW75.JD.P296 and previous devices. The flaw stems from improper implementation in the access control settings, enabling unauthorized actions despite configured restrictions.

The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating exploitation is possible remotely over the network by unauthenticated attackers with low complexity and no user interaction. Attackers can achieve high confidentiality and integrity impacts, such as accessing or modifying sensitive data and configurations, while availability remains unaffected.

Lexmark advisories address mitigation through their support portal at http://support.lexmark.com and a dedicated security alert PDF at https://publications.lexmark.com/publications/security-alerts/CVE-2020-35546.pdf, which security practitioners should review for patching guidance and workarounds.