Lucene search

[email protected]NVD:CVE-2021-35449

HistoryJul 19, 2021 - 3:15 p.m.

CVE-2021-35449

2021-07-1915:15:07

CWE-732

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

45.2%

JSON

The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.

Affected configurations

NVD

Node

lexmarkg2_driverRange≤2.7.1.0

lexmarkg3_driverRange≤3.2.0.0

lexmarkg4_driverRange≤4.2.1.0

lexmarkuniversal_print_driverRange≤2.15.1.0

References

packetstormsecurity.com/files/163811/Lexmark-Driver-Privilege-Escalation.html

support.lexmark.com/alerts/

raw.githubusercontent.com/jacob-baines/vuln_disclosure/main/vuln_2021_02.txt

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

45.2%

JSON

Related for NVD:CVE-2021-35449

cve1 prion1 cvelist1 packetstorm1 rapid7blog2 kitploit1 attackerkb1