← Retour aux CVEs

CVE-2021-35449

HIGH

7.8

Description

The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.

Details CVE

Score CVSS v3.17.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie7/19/2021

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

lexmark:g2_driverlexmark:g3_driverlexmark:g4_driverlexmark:universal_print_driver

Faiblesses (CWE)

CWE-732

References

http://packetstormsecurity.com/files/163811/Lexmark-Driver-Privilege-Escalation.html(cve@mitre.org)

http://support.lexmark.com/alerts/(cve@mitre.org)

https://raw.githubusercontent.com/jacob-baines/vuln_disclosure/main/vuln_2021_02.txt(cve@mitre.org)

http://packetstormsecurity.com/files/163811/Lexmark-Driver-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)

http://support.lexmark.com/alerts/(af854a3a-2127-422b-91ae-364da2661108)

https://raw.githubusercontent.com/jacob-baines/vuln_disclosure/main/vuln_2021_02.txt(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.