CVE-2022-29850

CWE-20 — Improper Input Validation CWE-668 — Exposure to Wrong Sphere3 documents3 sources

Severity

8.1HIGH

EPSS

0.7%

top 27.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

117

Lexmark B2236 Firmware Lexmark B2338 Firmware Lexmark B2442 Firmware +114 more

Timeline

PublishedAug 26

Latest updateAug 27

Description

Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages117 packages

▶NVDlexmark/b2236_firmware< mslsg.081.014

▶NVDlexmark/b2338_firmware< msngm.081.014

▶NVDlexmark/b2442_firmware< msngm.081.014

▶NVDlexmark/b2546_firmware< msngm.081.014

▶NVDlexmark/b2650_firmware< msngm.081.014

🔴Vulnerability Details

GHSA

GHSA-79f9-xgx6-3cfm: Various Lexmark products through 2022-04-27 allow External Control of a System or Configuration Setting because of Improper Input Validation↗2022-08-27

▶

CVEList

CVE-2022-29850: Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across re↗2022-08-25

▶