Vulnerability Details : CVE-2021-44735
Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.
Products affected by CVE-2021-44735
- cpe:2.3:o:lexmark:cx860_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc6152_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc8155_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc8160_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx321_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mb2338_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx622_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mb2442_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mb2546_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mb2650_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm3250_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mb2770_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm7355_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm7370_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx421_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mc2325_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mc2425_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx522_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mc2535_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mc2640_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc2235_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc4240_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx820_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx825_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc4150_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:b2236_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mb2236_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms431_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms331_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:m1342_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:b3442_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:b3340_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm1342_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx331_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx431_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mb3442_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms321_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms421_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms521_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms621_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:m1242_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:m1246_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:b2338_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:b2442_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:b2546_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:b2650_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms622_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:m3250_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx421_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx521_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx522_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm1242_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm1246_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms821_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms823_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms825_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:b2865_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms725_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms822_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms826_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:m5255_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:m5270_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx722_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx822_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx826_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm5365_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx721_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c3426_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c2326_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs431_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs439_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs331_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c3224_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c3326_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mc3426_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx431_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc2326_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mc3224_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mc3326_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx331_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs622_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c2240_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs421_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs521_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c2325_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c2425_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c2535_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx622_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx625_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs827_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs827_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc6153_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc8163_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs820_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c6160_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs720_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs725_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs727_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs728_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c4150_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx725_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx727_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc4140_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc4143_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc4153_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs921_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs923_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs927_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c9235_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx920_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx921_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx922_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx923_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx924_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc9225_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc9235_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc9245_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc9255_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc9265_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-44735
2.75%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-44735
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2021-44735
-
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-44735
-
https://www.zerodayinitiative.com/advisories/ZDI-22-330/
ZDI-22-330 | Zero Day InitiativeThird Party Advisory;VDB Entry
-
https://www.zerodayinitiative.com/advisories/ZDI-22-326/
ZDI-22-326 | Zero Day InitiativeThird Party Advisory;VDB Entry
-
https://support.lexmark.com/alerts/
Lexmark Security AdvisoriesVendor Advisory
-
https://www.zerodayinitiative.com/advisories/ZDI-22-329/
ZDI-22-329 | Zero Day InitiativeThird Party Advisory;VDB Entry
Jump to