(Pwn2Own) Lexmark MC3224i pagemark Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pagemark service. The issue results from the lack of proper...

(Pwn2Own) Lexmark MC3224i putinterval Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the PostScript putinterval command. The issue...

(Pwn2Own) Lexmark MC3224i fax_change_faxtrace_setting Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the faxchangefaxtracesettings script. The issue results from the lack...

(Pwn2Own) Lexmark MC3224i pagemaker NAME Type Confusion Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pagemaker service. When parsing the NAME element, the process doe...

(Pwn2Own) Lexmark MC3224i putinterval Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the putinterval method. The issue results from the lack of proper...

(Pwn2Own) Lexmark MC3224i lbtraceapp _WriteTarFile Command Injection Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

PT-2023-20459 · Lexmark · Lexmark Mc3224I

Name of the Vulnerable Software and Affected Versions: Lexmark devices affected versions not specified Description: The issue is related to an Out-of-bounds Write, which can lead to a Heap-based Buffer Overflow and potentially allow for Remote Code Execution. This was demonstrated in a real-world...

Lexmark MC3224i Firmware Downgrade Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware upgrade feature. The issue results from the lack of...

Lexmark MC3224i PostScript Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PostScript data. Crafted PostScript data can trigger a...

(Pwn2Own) Lexmark MC3224i setuid Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

(Pwn2Own) Lexmark MC3224i pagemaker Insufficient Session Expiration Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the remote...

(Pwn2Own) Lexmark MC3224i PostScript Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PostScript data. Crafted PostScript data can trigger a...

(Pwn2Own) Lexmark MC3224i Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

(Pwn2Own) Lexmark MC3224i Unprotected API Remote Code Execution Vulnerability

This vulnerability allows remote attackers to remove authentication on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within URL handling. The issue results from the lack of proper restriction to a URL. An...

(Pwn2Own) Lexmark MC3224i setuid Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

(Pwn2Own) Lexmark MC3224i PJL Exposed Dangerous Function Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of PJL commands. The issue results from an exposed...

(Pwn2Own) Lexmark MC3224i Web Configuration File Code Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation...