CVE-2024-11344
Published: 13 February 2025
Summary
CVE-2024-11344 is a high-severity Type Confusion (CWE-843) vulnerability in Lexmark (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 14.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-11344 is a type confusion vulnerability (CWE-843) in the Postscript interpreter within various Lexmark devices. Published on 2025-02-13, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and enables attackers to execute arbitrary code by exploiting mishandled type data during Postscript processing.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By sending a maliciously crafted Postscript file to an affected Lexmark device, the attacker can trigger the type confusion, leading to arbitrary code execution and potential low-level impacts on confidentiality, integrity, and availability.
Mitigation guidance is available through Lexmark's security advisories at https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4914
Vulnerability details
A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated arbitrary code execution via crafted Postscript input to network-exposed device interpreter directly enables T1190.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely remediation of the identified type confusion flaw in the Postscript interpreter via Lexmark patches directly prevents arbitrary code execution exploitation.
Validates Postscript inputs for consistency with expected formats and types, reducing the risk of malformed files triggering the type confusion vulnerability.
Implements memory safeguards such as non-executable memory and address space randomization to mitigate arbitrary code execution resulting from the type confusion exploit.