Vulnerability Details CVE-2021-35449
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.133
EPSS Ranking 93.8%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- http://packetstormsecurity.com/files/163811/Lexmark-Driver-Privilege-Escalation.html
- http://support.lexmark.com/alerts/
- https://raw.githubusercontent.com/jacob-baines/vuln_disclosure/main/vuln_2021_02.txt
- http://packetstormsecurity.com/files/163811/Lexmark-Driver-Privilege-Escalation.html
- http://support.lexmark.com/alerts/
- https://raw.githubusercontent.com/jacob-baines/vuln_disclosure/main/vuln_2021_02.txt
Products affected by CVE-2021-35449
-
cpe:2.3:a:lexmark:g2_driver:-
-
cpe:2.3:a:lexmark:g2_driver:2.7.1.0
-
cpe:2.3:a:lexmark:g3_driver:-
-
cpe:2.3:a:lexmark:g3_driver:3.2.0.0
-
cpe:2.3:a:lexmark:g4_driver:-
-
cpe:2.3:a:lexmark:g4_driver:4.2.1.0
-
cpe:2.3:a:lexmark:universal_print_driver:-
-
cpe:2.3:a:lexmark:universal_print_driver:2.15.1.0