This vulnerability allows network-adjacent malicious users to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fax_change_faxtrace_settings script. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the httpd user.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
lexmark cxtpc_firmware |
||
lexmark cstpc_firmware |
||
lexmark mxtct_firmware |
||
lexmark mxtpm_firmware |
||
lexmark cxtmm_firmware |
||
lexmark mslsg_firmware |
||
lexmark mxlsg_firmware |
||
lexmark mslbd_firmware |
||
lexmark mxlbd_firmware |
||
lexmark msngm_firmware |
||
lexmark mxngm_firmware |
||
lexmark mxtgm_firmware |
||
lexmark msngw_firmware |
||
lexmark mstgw_firmware |
||
lexmark mxtgw_firmware |
||
lexmark cslbn_firmware |
||
lexmark cslbl_firmware |
||
lexmark cxlbn_firmware |
||
lexmark cxlbl_firmware |
||
lexmark csnzj_firmware |
||
lexmark cxtzj_firmware |
||
lexmark cxnzj_firmware |
||
lexmark cxtpp_firmware |
||
lexmark cstat_firmware |
||
lexmark cxtat_firmware |
||
lexmark cstmh_firmware |
Vulmon