Lexmark : Security Vulnerabilities, CVEs, CVSS score >= 6

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4).

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4).

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).

Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.

Certain Lexmark devices through 2023-02-19 have an Integer Overflow.

Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write.

Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.

In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.

Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.

Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots.

Lexmark products through 2022-02-10 have Incorrect Access Control.

Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.

PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.

The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.

Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.

Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.

The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.

The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.

In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.

Various Lexmark products have Incorrect Access Control.

Various Lexmark products have CSRF.

Various Lexmark products have a Buffer Overflow (issue 3 of 3).

Various Lexmark products have a Buffer Overflow (issue 2 of 3).