- Description
- The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-732
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lexmark:g2_driver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3CD526E8-73A3-4D76-9658-A323DC6920F6",
"versionEndIncluding": "2.7.1.0"
},
{
"criteria": "cpe:2.3:a:lexmark:g3_driver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4ED1BEA9-FF02-47B2-A8BE-AD01098849C5",
"versionEndIncluding": "3.2.0.0"
},
{
"criteria": "cpe:2.3:a:lexmark:g4_driver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "724C5598-AC84-46EA-A972-6F4BA850D154",
"versionEndIncluding": "4.2.1.0"
},
{
"criteria": "cpe:2.3:a:lexmark:universal_print_driver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C7C6DB5-C1A8-417D-8E21-501F4FD26254",
"versionEndIncluding": "2.15.1.0"
}
],
"operator": "OR"
}
]
}
]