CVE-2021-35449

HIGH

Lexmark Universal Print Driver <2.15.1.0 - Privilege Escalation

Title source: llm

Description

The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low-privileged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.

Exploits (1)

metasploit WORKING POC NORMAL
by Jacob Baines, Shelby Pace, Grant Willcox · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/lexmark_driver_privesc.rb

Scores

CVSS v3 7.8
EPSS 0.1329
EPSS Percentile 94.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (4)
lexmark/g2_driver < 2.7.1.0
lexmark/g3_driver < 3.2.0.0
lexmark/g4_driver < 4.2.1.0
lexmark/universal_print_driver < 2.15.1.0
Published Jul 19, 2021
Tracked Since Feb 18, 2026