Lucene search
PixelindigoZDI-23-667HistoryMay 17, 2023 - 12:00 a.m.
(Pwn2Own) Lexmark MC3224i lbtraceapp _WriteTarFile Command Injection Privilege Escalation Vulnerability
2023-05-1700:00:00
pixelindigo
www.zerodayinitiative.com
9
pwn2own
lexmark mc3224i
lbtraceapp
command injection
privilege escalation
vulnerability
_writetarfile method
system call validation
arbitrary code
0.17 Low
EPSS
Percentile
96.1%
This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the _WriteTarFile method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
Related
cve
cve
CVE-2023-26067
2023-04-10 20:15:10
cvelist
cvelist
CVE-2023-26067
2023-04-10 00:00:00
prion
prion
Input validation
2023-04-10 20:15:00
nuclei
nuclei
Lexmark Printers - Command Injection
2023-08-12 17:45:00
nvd
nvd
CVE-2023-26067
2023-04-10 20:15:10
githubexploit
githubexploit
Exploit for Improper Input Validation in Lexmark Cxtpc Firmware
2023-08-07 20:55:15
Exploit for Improper Input Validation in Lexmark Cxtpc Firmware
2024-01-19 19:54:41
zdi
zdi
packetstorm
packetstorm
Lexmark Device Embedded Web Server Remote Code Execution
2023-09-19 00:00:00
openvas
openvas
Lexmark Printer Multiple Input Validation Vulnerabilities (Mar 2023)
2023-03-16 00:00:00
metasploit
metasploit
Lexmark Device Embedded Web Server RCE
2023-08-31 00:30:14
zdt
zdt
Lexmark Device Embedded Web Server Remote Code Execution Exploit
2023-09-19 00:00:00