PT-2021-20914 · Lexmark · G2 Driver+3
Published: 2021-07-19 · Updated: 2021-09-20 · CVE-2021-35449
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Lexmark Universal Print Driver versions 2.15.1.0 and below
G2 driver versions 2.7.1.0 and below
G3 driver versions 3.2.0.0 and below
G4 driver versions 4.2.1.0 and below
Description:
A privilege escalation issue allows a standard low-privileged user to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.
Recommendations:
For Lexmark Universal Print Driver versions 2.15.1.0 and below, update to a version above 2.15.1.0 to resolve the issue.
For G2 driver versions 2.7.1.0 and below, update to a version above 2.7.1.0 to resolve the issue.
For G3 driver versions 3.2.0.0 and below, update to a version above 3.2.0.0 to resolve the issue.
For G4 driver versions 4.2.1.0 and below, update to a version above 4.2.1.0 to resolve the issue.
As a temporary workaround, consider restricting the add printer process to minimize the risk of exploitation.
Exploit
Fix
Incorrect Permission
Affected Products
G2 Driver
G3 Driver
G4 Driver
Lexmark Universal Print Driver