Lucene search
NCC Group EDG (Alex Plaskett, Cedric Halbronn, Aaron Adams)ZDI-22-333HistoryFeb 15, 2022 - 12:00 a.m.
(Pwn2Own) Lexmark MC3224i PJL Exposed Dangerous Function Remote Code Execution Vulnerability
2022-02-1500:00:00
NCC Group EDG (Alex Plaskett, Cedric Halbronn, Aaron Adams)
www.zerodayinitiative.com
23
pwn2own
lexmark mc3224i
pjl exposed
dangerous function
remote code execution
vulnerability
network-adjacent attackers
arbitrary code
authentication not required
arbitrary files
root context
EPSS
0.002
Percentile
53.6%
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of PJL commands. The issue results from an exposed danagerous function, which can allow the creation of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of root.
Related
prion
prion
Directory traversal
2022-01-20 17:15:00
cve
cve
CVE-2021-44737
2022-01-20 17:15:17
cnvd
cnvd
Lexmark path traversal vulnerability
2022-01-23 00:00:00
cvelist
cvelist
CVE-2021-44737
2022-01-20 16:04:39
nvd
nvd
CVE-2021-44737
2022-01-20 17:15:17
openvas
openvas
Lexmark Printer Multiple Vulnerabilities (Jan 2022)
2022-01-24 00:00:00