This vulnerability allows network-adjacent malicious users to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pagemaker service. When parsing the NAME element, the process does not properly validate user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the service account.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
lexmark cxtpc_firmware |
||
lexmark cstpc_firmware |
||
lexmark mxtct_firmware |
||
lexmark mxtpm_firmware |
||
lexmark cxtmm_firmware |
||
lexmark mslsg_firmware |
||
lexmark mxlsg_firmware |
||
lexmark mslbd_firmware |
||
lexmark mxlbd_firmware |
||
lexmark msngm_firmware |
||
lexmark mxngm_firmware |
||
lexmark mxtgm_firmware |
||
lexmark msngw_firmware |
||
lexmark mstgw_firmware |
||
lexmark mxtgw_firmware |
||
lexmark cslbn_firmware |
||
lexmark cslbl_firmware |
||
lexmark cxlbn_firmware |
||
lexmark cxlbl_firmware |
||
lexmark cstzj_firmware |
||
lexmark csnzj_firmware |
||
lexmark cxtzj_firmware |
||
lexmark lw80_firmware |
||
lexmark lhs60_firmware |
||
lexmark lr_firmware |
||
lexmark lp_firmware |
Vulmon