Lucene search
SynacktivZDI-23-670HistoryMay 17, 2023 - 12:00 a.m.
(Pwn2Own) Lexmark MC3224i lbtraceapp Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
2023-05-1700:00:00
Synacktiv
www.zerodayinitiative.com
16
uncontrolled search path
local attackers
binary flaw
privilege escalation
printer vulnerability
0.17 Low
EPSS
Percentile
96.1%
This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the lbtraceapp binary. The code loads a binary from an unsecured location. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user.
Related
cvelist
cvelist
CVE-2023-26067
2023-04-10 00:00:00
cve
cve
CVE-2023-26067
2023-04-10 20:15:10
prion
prion
Input validation
2023-04-10 20:15:00
zdi
zdi
nuclei
nuclei
Lexmark Printers - Command Injection
2023-08-12 17:45:00
nvd
nvd
CVE-2023-26067
2023-04-10 20:15:10
githubexploit
githubexploit
Exploit for Improper Input Validation in Lexmark Cxtpc Firmware
2023-08-07 20:55:15
Exploit for Improper Input Validation in Lexmark Cxtpc Firmware
2024-01-19 19:54:41
packetstorm
packetstorm
Lexmark Device Embedded Web Server Remote Code Execution
2023-09-19 00:00:00
openvas
openvas
Lexmark Printer Multiple Input Validation Vulnerabilities (Mar 2023)
2023-03-16 00:00:00
metasploit
metasploit
Lexmark Device Embedded Web Server RCE
2023-08-31 00:30:14
zdt
zdt
Lexmark Device Embedded Web Server Remote Code Execution Exploit
2023-09-19 00:00:00