Lucene search
SynacktivZDI-23-669HistoryMay 17, 2023 - 12:00 a.m.
(Pwn2Own) Lexmark MC3224i snmpUTIL Improper Input Validation Remote Code Execution Vulnerability
2023-05-1700:00:00
Synacktiv
www.zerodayinitiative.com
12
pwn2own
network-adjacent
arbitrary code execution
authentication bypass
improper input validation
configuration files
admin user context
EPSS
0.003
Percentile
65.4%
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the snmpUTIL binary. The issue results from the lack of proper validation of configuration files. An attacker can leverage this vulnerability to execute code in the context of the admin user.
Related
openvas
openvas
Lexmark Printer Input Validation Vulnerability (CVE-2023-26069)
2023-03-17 00:00:00
cvelist
cvelist
CVE-2023-26069
2023-04-10 00:00:00
cve
cve
CVE-2023-26069
2023-04-10 20:15:10
nvd
nvd
CVE-2023-26069
2023-04-10 20:15:10
prion
prion
Input validation
2023-04-10 20:15:00