var-202201-1528
Vulnerability from variot
Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. plural Lexmark A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the processing of packet captures. When parsing the filter property, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the permissions set on root-owned service files. Lexmark is a line of printers in the United States.
There is a command injection vulnerability in Lexmark, which originates from the fact that the network system or product fails to properly filter special characters, commands, etc. in the process of user input constructing and executing commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-1528",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mc3224i",
"scope": null,
"trust": 2.1,
"vendor": "lexmark",
"version": null
},
{
"model": "c2240",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstzj.076.294"
},
{
"model": "cx820",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "m5270",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mstgw.076.294"
},
{
"model": "ms521",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "mx722",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "xc6153",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "b2650",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "xc4150",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtat.076.294"
},
{
"model": "xc9225",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "c4150",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstat.076.294"
},
{
"model": "cs622",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstzj.076.294"
},
{
"model": "cx622",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtzj.076.294"
},
{
"model": "b2236",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mslsg.076.294"
},
{
"model": "b3340",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mslbd.076.294"
},
{
"model": "xm1342",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mslbd.076.294"
},
{
"model": "cs331",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cslbl.076.294"
},
{
"model": "c3326",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cslbl.076.294"
},
{
"model": "cs431",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cslbn.076.294"
},
{
"model": "cx727",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtat.076.294"
},
{
"model": "mb2442",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "m1242",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "mb2236",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxlsg.076.294"
},
{
"model": "b2442",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "b2865",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngw.076.294"
},
{
"model": "cx331",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxlbl.076.294"
},
{
"model": "cx860",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "xc9265",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "cs727",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstat.076.294"
},
{
"model": "cs720",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstat.076.294"
},
{
"model": "xc2326",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxlbn.076.294"
},
{
"model": "xc8160",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "mb2546",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "ms621",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "m5255",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mstgw.076.294"
},
{
"model": "cx924",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "mb2338",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxngm.076.294"
},
{
"model": "xc4143",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtat.076.294"
},
{
"model": "xc8163",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "b2338",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "xm3250",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "cx421",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxnzj.076.294"
},
{
"model": "mc2325",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxnzj.076.294"
},
{
"model": "b2546",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "mc2535",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtzj.076.294"
},
{
"model": "cs923",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstmh.076.294"
},
{
"model": "xc4140",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtat.076.294"
},
{
"model": "mx431",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxlbd.076.294"
},
{
"model": "ms825",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngw.076.294"
},
{
"model": "mc3426",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxlbn.076.294"
},
{
"model": "cx431",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxlbn.076.294"
},
{
"model": "cx825",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "cs725",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstat.076.294"
},
{
"model": "mx622",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "ms321",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "ms826",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mstgw.076.294"
},
{
"model": "xc6152",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "m3250",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mstgm.076.294"
},
{
"model": "cs820",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstpp.076.294"
},
{
"model": "cs728",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstat.076.294"
},
{
"model": "cs439",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cslbn.076.294"
},
{
"model": "mc3224",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxlbl.076.294"
},
{
"model": "cx920",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "mc2425",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxnzj.076.294"
},
{
"model": "c3426",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cslbn.076.294"
},
{
"model": "mb2650",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "cs827",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstpp.076.294"
},
{
"model": "ms822",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mstgw.076.294"
},
{
"model": "xm5365",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "cx922",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "cx923",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "xc9235",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "c2535",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "csnzj.076.294"
},
{
"model": "mx421",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "c2325",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "csnzj.076.294"
},
{
"model": "ms421",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "mx822",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "ms823",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngw.076.294"
},
{
"model": "ms725",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngw.076.294"
},
{
"model": "cs521",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "csnzj.076.294"
},
{
"model": "cs827",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "xc9255",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "ms821",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngw.076.294"
},
{
"model": "mx522",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "ms431",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mslbd.076.294"
},
{
"model": "m1342",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mslbd.076.294"
},
{
"model": "cs927",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstmh.076.294"
},
{
"model": "ms331",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mslbd.076.294"
},
{
"model": "xc8155",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtpp.076.294"
},
{
"model": "cs921",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstmh.076.294"
},
{
"model": "ms622",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mstgm.076.294"
},
{
"model": "xc4153",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtat.076.294"
},
{
"model": "mb2770",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "xm1242",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "m1246",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "msngm.076.294"
},
{
"model": "cx921",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "mx521",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "xm1246",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgm.076.294"
},
{
"model": "xm7370",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "mc3326",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxlbl.076.294"
},
{
"model": "mx331",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxlbd.076.294"
},
{
"model": "cx725",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtat.076.294"
},
{
"model": "xc2235",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtzj.076.294"
},
{
"model": "c9235",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstmh.076.294"
},
{
"model": "mx321",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxngm.076.294"
},
{
"model": "c3224",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cslbl.076.294"
},
{
"model": "cx522",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtzj.076.294"
},
{
"model": "cx625",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtzj.076.294"
},
{
"model": "mb3442",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxlbd.076.294"
},
{
"model": "xm7355",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "mx721",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "c2326",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cslbn.076.294"
},
{
"model": "mc2640",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtzj.076.294"
},
{
"model": "xc9245",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtmh.076.294"
},
{
"model": "b3442",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mslbd.076.294"
},
{
"model": "xc4240",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cxtzj.076.294"
},
{
"model": "mx826",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "mxtgw.076.294"
},
{
"model": "cs421",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "csnzj.076.294"
},
{
"model": "c2425",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "csnzj.076.294"
},
{
"model": "c6160",
"scope": "lt",
"trust": 1.0,
"vendor": "lexmark",
"version": "cstpp.076.294"
},
{
"model": "b2236",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "mx431",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "mb2236",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "xm1342",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "mx331",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "ms331",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "ms431",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "b3340",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "b3442",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "m1342",
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "lexmark",
"scope": "lt",
"trust": 0.6,
"vendor": "lexmark",
"version": "2021-12-07"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David BERARD (@_p0ly_), Vincent FARGUES (@Karion_), Thomas IMBERT (@masthoon), from @Synacktiv",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
}
],
"trust": 1.4
},
"cve": "CVE-2021-44735",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-44735",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-08179",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-44735",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "NONE",
"vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-44735",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-44735",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"id": "CVE-2021-44735",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2021-44735",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44735",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-44735",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2021-44735",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-08179",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-1806",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-44735",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"db": "VULMON",
"id": "CVE-2021-44735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1806"
},
{
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. plural Lexmark A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the processing of packet captures. When parsing the filter property, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the permissions set on root-owned service files. Lexmark is a line of printers in the United States. \n\r\n\r\nThere is a command injection vulnerability in Lexmark, which originates from the fact that the network system or product fails to properly filter special characters, commands, etc. in the process of user input constructing and executing commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"db": "VULMON",
"id": "CVE-2021-44735"
}
],
"trust": 4.14
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-44735",
"trust": 6.0
},
{
"db": "ZDI",
"id": "ZDI-22-330",
"trust": 3.2
},
{
"db": "ZDI",
"id": "ZDI-22-329",
"trust": 3.2
},
{
"db": "ZDI",
"id": "ZDI-22-326",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-15894",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-15895",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-15927",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-08179",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1806",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-44735",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"db": "VULMON",
"id": "CVE-2021-44735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1806"
},
{
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"id": "VAR-202201-1528",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08179"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08179"
}
]
},
"last_update_date": "2024-11-23T22:47:31.866000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Lexmark has issued an update to correct this vulnerability.",
"trust": 2.1,
"url": "https://publications.lexmark.com/publications/security-alerts/CVE-2021-44735.pdf"
},
{
"title": "Lexmark\u00a0Security\u00a0Advisories",
"trust": 0.8,
"url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"
},
{
"title": "Patch for Lexmark Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/317091"
},
{
"title": "Lexmark Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=179836"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/khulnasoft-labs/awesome-security "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"db": "VULMON",
"id": "CVE-2021-44735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1806"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-326/"
},
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-330/"
},
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-329/"
},
{
"trust": 2.1,
"url": "https://publications.lexmark.com/publications/security-alerts/cve-2021-44735.pdf"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44735"
},
{
"trust": 1.7,
"url": "https://support.lexmark.com/alerts/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"db": "VULMON",
"id": "CVE-2021-44735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1806"
},
{
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"db": "VULMON",
"id": "CVE-2021-44735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1806"
},
{
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-15T00:00:00",
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"date": "2022-02-15T00:00:00",
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"date": "2022-02-15T00:00:00",
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"date": "2022-02-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"date": "2022-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44735"
},
{
"date": "2023-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"date": "2022-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1806"
},
{
"date": "2022-01-20T17:15:17.880000",
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-15T00:00:00",
"db": "ZDI",
"id": "ZDI-22-330"
},
{
"date": "2022-02-15T00:00:00",
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"date": "2022-02-15T00:00:00",
"db": "ZDI",
"id": "ZDI-22-326"
},
{
"date": "2022-02-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08179"
},
{
"date": "2022-03-17T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44735"
},
{
"date": "2023-03-10T03:18:00",
"db": "JVNDB",
"id": "JVNDB-2022-003881"
},
{
"date": "2022-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1806"
},
{
"date": "2024-11-21T06:31:29.127000",
"db": "NVD",
"id": "CVE-2021-44735"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1806"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "(Pwn2Own) Lexmark MC3224i setuid Local Privilege Escalation Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-329"
},
{
"db": "ZDI",
"id": "ZDI-22-326"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1806"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.