CVE-2021-35449

Published: Jul 19, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.

Affected (4)

Products: Lexmark: G2 Driver, G3 Driver, G4 Driver, Universal Print Driver

4 products

Universal Print Driver

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Lexmark G2 Driver	Up to 2.7.1.0
Lexmark G3 Driver	Up to 3.2.0.0
Lexmark G4 Driver	Up to 4.2.1.0
Lexmark Universal Print Driver	Up to 2.15.1.0

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (6)

http://packetstormsecurity.com/files/163811/Lexmark-Driver-Privilege-Escalation.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://support.lexmark.com/alerts/

Source: cve@mitre.org

Vendor Advisory

https://raw.githubusercontent.com/jacob-baines/vuln_disclosure/main/vuln_2021_02.txt

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/163811/Lexmark-Driver-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://support.lexmark.com/alerts/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://raw.githubusercontent.com/jacob-baines/vuln_disclosure/main/vuln_2021_02.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.