CVE-2021-35449
moderate-risk
Published 2021-07-19
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.
Do I need to act?
!
13.3% chance of exploitation in next 30 days
EPSS score — higher than 87% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (4)
Affected Vendors
References (6)
Vendor Advisory
http://support.lexmark.com/alerts/
Third Party Advisory
https://raw.githubusercontent.com/jacob-baines/vuln_disclosure/main/vuln_2021_02...
Vendor Advisory
http://support.lexmark.com/alerts/
Third Party Advisory
https://raw.githubusercontent.com/jacob-baines/vuln_disclosure/main/vuln_2021_02...
46
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
12/34 · Low
Exposure
10/34 · Low