Source: zdi
Credit: James Horseman and Zach Hanley of Horizon3 A.I.
ID: ZDI-23-668
Date: May 17, 2023

(Pwn2Own) Lexmark MC3224i fax_change_faxtrace_setting Command Injection Remote Code Execution Vulnerability

www.zerodayinitiative.com
Tags: lexmark mc3224i, command injection, remote code execution, network-adjacent attackers, user-supplied string, system call, httpd user

EPSS: 0.17 (Low), percentile 96.1%

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fax_change_faxtrace_settings script. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the httpd user.