This vulnerability allows local malicious users to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the _WriteTarFile method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lexmark cxtpc_firmware |
||
lexmark cstpc_firmware |
||
lexmark mxtct_firmware |
||
lexmark mxtpm_firmware |
||
lexmark cxtmm_firmware |
||
lexmark mslsg_firmware |
||
lexmark mxlsg_firmware |
||
lexmark mslbd_firmware |
||
lexmark mxlbd_firmware |
||
lexmark msngm_firmware |
||
lexmark mxngm_firmware |
||
lexmark mxtgm_firmware |
||
lexmark msngw_firmware |
||
lexmark mstgw_firmware |
||
lexmark mxtgw_firmware |
||
lexmark cslbn_firmware |
||
lexmark cslbl_firmware |
||
lexmark cxlbn_firmware |
||
lexmark cxlbl_firmware |
||
lexmark csnzj_firmware |
||
lexmark cxtzj_firmware |
||
lexmark cxnzj_firmware |
||
lexmark cxtpp_firmware |
||
lexmark cstat_firmware |
||
lexmark cxtat_firmware |
||
lexmark cstmh_firmware |