VAR-202201-1528
Vulnerability from variot - Updated: 2024-11-23 22:47Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. plural Lexmark A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the processing of packet captures. When parsing the filter property, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the permissions set on root-owned service files. Lexmark is a line of printers in the United States.
There is a command injection vulnerability in Lexmark, which originates from the fact that the network system or product fails to properly filter special characters, commands, etc. in the process of user input constructing and executing commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-1528",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mc3224i",
"scope": null,
"trust": 2.1,
"vendor": "lexmark",
"version": null
},
{
"model": "c2240",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstzj.076.294"
},
{
"model": "cx820",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "m5270",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mstgw.076.294"
},
{
"model": "ms521",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "mx722",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "xc6153",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "b2650",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "xc4150",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtat.076.294"
},
{
"model": "xc9225",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "c4150",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstat.076.294"
},
{
"model": "cs622",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstzj.076.294"
},
{
"model": "cx622",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtzj.076.294"
},
{
"model": "b2236",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mslsg.076.294"
},
{
"model": "b3340",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mslbd.076.294"
},
{
"model": "xm1342",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mslbd.076.294"
},
{
"model": "cs331",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cslbl.076.294"
},
{
"model": "c3326",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cslbl.076.294"
},
{
"model": "cs431",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cslbn.076.294"
},
{
"model": "cx727",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtat.076.294"
},
{
"model": "mb2442",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "m1242",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "mb2236",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxlsg.076.294"
},
{
"model": "b2442",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "b2865",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngw.076.294"
},
{
"model": "cx331",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxlbl.076.294"
},
{
"model": "cx860",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "xc9265",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "cs727",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstat.076.294"
},
{
"model": "cs720",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstat.076.294"
},
{
"model": "xc2326",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxlbn.076.294"
},
{
"model": "xc8160",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "mb2546",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "ms621",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "m5255",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mstgw.076.294"
},
{
"model": "cx924",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "mb2338",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxngm.076.294"
},
{
"model": "xc4143",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtat.076.294"
},
{
"model": "xc8163",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "b2338",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "xm3250",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "cx421",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxnzj.076.294"
},
{
"model": "mc2325",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxnzj.076.294"
},
{
"model": "b2546",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "mc2535",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtzj.076.294"
},
{
"model": "cs923",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstmh.076.294"
},
{
"model": "xc4140",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtat.076.294"
},
{
"model": "mx431",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxlbd.076.294"
},
{
"model": "ms825",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngw.076.294"
},
{
"model": "mc3426",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxlbn.076.294"
},
{
"model": "cx431",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxlbn.076.294"
},
{
"model": "cx825",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "cs725",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstat.076.294"
},
{
"model": "mx622",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "ms321",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "ms826",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mstgw.076.294"
},
{
"model": "xc6152",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "m3250",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mstgm.076.294"
},
{
"model": "cs820",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstpp.076.294"
},
{
"model": "cs728",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstat.076.294"
},
{
"model": "cs439",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cslbn.076.294"
},
{
"model": "mc3224",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxlbl.076.294"
},
{
"model": "cx920",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "mc2425",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxnzj.076.294"
},
{
"model": "c3426",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cslbn.076.294"
},
{
"model": "mb2650",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "cs827",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstpp.076.294"
},
{
"model": "ms822",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mstgw.076.294"
},
{
"model": "xm5365",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "cx922",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "cx923",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "xc9235",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "c2535",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "csnzj.076.294"
},
{
"model": "mx421",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "c2325",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "csnzj.076.294"
},
{
"model": "ms421",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "mx822",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "ms823",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngw.076.294"
},
{
"model": "ms725",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngw.076.294"
},
{
"model": "cs521",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "csnzj.076.294"
},
{
"model": "cs827",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "xc9255",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "ms821",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngw.076.294"
},
{
"model": "mx522",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "ms431",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mslbd.076.294"
},
{
"model": "m1342",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mslbd.076.294"
},
{
"model": "cs927",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstmh.076.294"
},
{
"model": "ms331",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mslbd.076.294"
},
{
"model": "xc8155",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "cs921",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstmh.076.294"
},
{
"model": "ms622",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mstgm.076.294"
},
{
"model": "xc4153",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtat.076.294"
},
{
"model": "mb2770",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "xm1242",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "m1246",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "cx921",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "mx521",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "xm1246",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "xm7370",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "mc3326",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxlbl.076.294"
},
{
"model": "mx331",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxlbd.076.294"
},
{
"model": "cx725",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtat.076.294"
},
{
"model": "xc2235",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtzj.076.294"
},
{
"model": "c9235",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstmh.076.294"
},
{
"model": "mx321",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxngm.076.294"
},
{
"model": "c3224",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cslbl.076.294"
},
{
"model": "cx522",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtzj.076.294"
},
{
"model": "cx625",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtzj.076.294"
},
{
"model": "mb3442",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxlbd.076.294"
},
{
"model": "xm7355",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "mx721",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "c2326",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cslbn.076.294"
},
{
"model": "mc2640",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtzj.076.294"
},
{
"model": "xc9245",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "b3442",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mslbd.076.294"
},
{
"model": "xc4240",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtzj.076.294"
},
{
"model": "mx826",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "cs421",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "csnzj.076.294"
},
{
"model": "c2425",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "csnzj.076.294"
},
{
"model": "c6160",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstpp.076.294"
},
{
"model": "b2236",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "mx431",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "mb2236",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "xm1342",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "mx331",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "ms331",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "ms431",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "b3340",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "b3442",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "m1342",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "lexmark",
"scope": "lt",
"trust": 0.6,
"vendor": "lexmark",
"version": "2021-12-07"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David BERARD (@_p0ly_), Vincent FARGUES (@Karion_), Thomas IMBERT (@masthoon), from @Synacktiv",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
}
],
"trust": 1.4
},
"cve": "CVE-2021-44735",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-44735",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-08179",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-44735",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "NONE",
"vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-44735",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-44735",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"id": "CVE-2021-44735",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2021-44735",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44735",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-44735",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2021-44735",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-08179",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-1806",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-44735",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"db": "VULMON",
"id": "CVE-2021-44735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1806"
},
{
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. plural Lexmark A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the processing of packet captures. When parsing the filter property, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the permissions set on root-owned service files. Lexmark is a line of printers in the United States. \n\r\n\r\nThere is a command injection vulnerability in Lexmark, which originates from the fact that the network system or product fails to properly filter special characters, commands, etc. in the process of user input constructing and executing commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"db": "VULMON",
"id": "CVE-2021-44735"
}
],
"trust": 4.14
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-44735",
"trust": 6.0
},
{
"db": "ZDI",
"id": "ZDI-22-330",
"trust": 3.2
},
{
"db": "ZDI",
"id": "ZDI-22-329",
"trust": 3.2
},
{
"db": "ZDI",
"id": "ZDI-22-326",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-15894",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-15895",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-15927",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-08179",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1806",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-44735",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"db": "VULMON",
"id": "CVE-2021-44735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1806"
},
{
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"id": "VAR-202201-1528",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08179"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08179"
}
]
},
"last_update_date": "2024-11-23T22:47:31.866000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Lexmark has issued an update to correct this vulnerability.",
"trust": 2.1,
"url": "https://publications.lexmark.com/publications/security-alerts/CVE-2021-44735.pdf"
},
{
"title": "Lexmark\u00a0Security\u00a0Advisories",
"trust": 0.8,
"url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"
},
{
"title": "Patch for Lexmark Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/317091"
},
{
"title": "Lexmark Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=179836"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/khulnasoft-labs/awesome-security "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"db": "VULMON",
"id": "CVE-2021-44735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1806"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-326/"
},
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-330/"
},
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-329/"
},
{
"trust": 2.1,
"url": "https://publications.lexmark.com/publications/security-alerts/cve-2021-44735.pdf"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44735"
},
{
"trust": 1.7,
"url": "https://support.lexmark.com/alerts/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"db": "VULMON",
"id": "CVE-2021-44735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1806"
},
{
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"db": "VULMON",
"id": "CVE-2021-44735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1806"
},
{
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-15T00:00:00",
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"date": "2022-02-15T00:00:00",
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"date": "2022-02-15T00:00:00",
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"date": "2022-02-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"date": "2022-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44735"
},
{
"date": "2023-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"date": "2022-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1806"
},
{
"date": "2022-01-20T17:15:17.880000",
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-15T00:00:00",
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"date": "2022-02-15T00:00:00",
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"date": "2022-02-15T00:00:00",
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"date": "2022-02-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"date": "2022-03-17T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44735"
},
{
"date": "2023-03-10T03:18:00",
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"date": "2022-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1806"
},
{
"date": "2024-11-21T06:31:29.127000",
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1806"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "(Pwn2Own) Lexmark MC3224i setuid Local Privilege Escalation Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1806"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…