Privilege Escalation in Lexmark Universal Print Driver and Related G2, G3, and G4 Drivers
CVE-2021-35449

7.8 HIGH

Key Information:

Vendor: Lexmark

CVE Published: 19 July 2021

What is CVE-2021-35449?

A privilege escalation vulnerability exists in the Lexmark Universal Print Driver and its related drivers. A standard low-privileged user can leverage the driver during the printer installation process to execute a Dynamic Link Library (DLL) of their choice, escalating their privileges to the SYSTEM level. This allows unauthorized control over the system and poses a significant security risk.

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
