936 matches found
CVE-2022-24935
Summary of CVE-2022-24935 with connected details: A set of sources identify Lexmark as affected by an Incorrect Access Control issue. The most concrete technical detail comes from ZDI-22-1038: for Lexmark MC3224i printers, the firmware upgrade feature lacks authentication, allowing network-adjace...
CVE-2022-24935
Lexmark products through 2022-02-10 have Incorrect Access Control...
PT-2022-16995 · Lexmark · Lexmark
Name of the Vulnerable Software and Affected Versions: Lexmark products through 2022-02-10 Description: The issue is related to Incorrect Access Control in Lexmark products. Recommendations: For Lexmark products through 2022-02-10, at the moment, there is no information about a newer version that...
Lexmark 访问控制错误漏洞
Lexmark is a line of printers in the United States. There is a security vulnerability in Lexmark products, no information about the vulnerability is available at this time, please keep an eye on CNNVD or the manufacturer's announcement...
Lexmark MC3224i PostScript Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PostScript data. Crafted PostScript data can trigger a...
(Pwn2Own) Lexmark MC3224i PJL Exposed Dangerous Function Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of PJL commands. The issue results from an exposed...
(Pwn2Own) Lexmark MC3224i Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
(Pwn2Own) Lexmark MC3224i Unprotected API Remote Code Execution Vulnerability
This vulnerability allows remote attackers to remove authentication on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within URL handling. The issue results from the lack of proper restriction to a URL. An...
(Pwn2Own) Lexmark MC3224i pagemaker Insufficient Session Expiration Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the remote...
(Pwn2Own) Lexmark MC3224i setuid Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
(Pwn2Own) Lexmark MC3224i PostScript Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PostScript data. Crafted PostScript data can trigger a...
(Pwn2Own) Lexmark MC3224i setuid Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
(Pwn2Own) Lexmark MC3224i Web Configuration File Code Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation...
Lexmark Printer Command Injection Vulnerability (Jan 2022)
The embedded web server in various Lexmark devices contains a command injection vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-lat...
Vulnerabilities fixed in Lexmark printers
Vulnerabilities have been fixed in Lexmark devices. The vulnerabilities allow a malicious party to carry out attacks execute attacks that potentially result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Bypassing authentication Remote code execution User Right...
Lexmark input validation error vulnerability
Lexmark is a series of printers in the U.S. A security vulnerability exists in Lexmark, which stems from a network system or product that does not properly filter special elements in code segments constructed from external input data. An attacker could exploit the vulnerability to generate an...
Lexmark Printer Configuration Wipe Vulnerability (Jan 2022)
The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-late...
Lexmark Printer Multiple Vulnerabilities (Jan 2022)
Multiple Lexmark printer devices are prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Lexmark path traversal vulnerability
Lexmark is a family of printers in the U.S. A path traversal vulnerability exists in Lexmark devices, which stems from the product's failure to properly filter special elements in resource or file paths. An attacker could access the PJL directory through this vulnerability and could override...
Lexmark Command Injection Vulnerability
Lexmark is a series of printers in the U.S. A command injection vulnerability exists in Lexmark, which stems from the failure of a network system or product to properly filter special characters, commands, etc. during the execution of commands entered by a user into the construct. An attacker cou...