CVE-2022-29850

HIGH

Lexmark B2236 Firmware < mslsg.081.014 - Exposure to Wrong Actor

Title source: rule

Description

Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots.

References (3)

[Vendor Advisory] https://publications.lexmark.com/publications/security-alerts/CVE-2022-29850.pdf

[Vendor Advisory] https://support.lexmark.com/alerts/

[Vendor Advisory] https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html

Scores

CVSS v3 8.1

EPSS 0.0073

EPSS Percentile 72.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-20 CWE-668

Status published

Affected Products (50)

lexmark/b2236_firmware < mslsg.081.014

lexmark/mb2236_firmware < mxlsg.081.014

lexmark/ms331_firmware < mslbd.081.014

lexmark/ms431_firmware < mslbd.081.014

lexmark/m1342_firmware < mslbd.081.014

lexmark/b3442_firmware < mslbd.081.014

lexmark/b3340_firmware < mslbd.081.014

lexmark/xm1342_firmware < mslbd.081.014

lexmark/mx331_firmware < mxlbd.081.014

lexmark/mx431_firmware < mxlbd.081.014

lexmark/mb3442_firmware < mxlbd.081.014

lexmark/ms321_firmware < msngm.081.014

lexmark/ms421_firmware < msngm.081.014

lexmark/ms521_firmware < msngm.081.014

lexmark/ms621_firmware < msngm.081.014

... and 35 more

Timeline

Published Aug 26, 2022

Tracked Since Feb 18, 2026