CVE-2021-44735

Q: What is the severity of CVE-2021-44735?

CVE-2021-44735 has a CVSS score of 9.8 (CRITICAL). This CVE describes a command injection vulnerability in the embedded web server of Lexmark devices. Attackers can execute arbitrary commands on affected devices by sending specially crafted requests. All Lexmark devices with the vulnerable web server component are affected.

9.8 CRITICAL

Remote Code Execution

📋 TL;DR

This CVE describes a command injection vulnerability in the embedded web server of Lexmark devices. Attackers can execute arbitrary commands on affected devices by sending specially crafted requests. All Lexmark devices with the vulnerable web server component are affected.

💻 Affected Systems

Products:

Lexmark printers and multifunction devices

Versions: All versions through 2021-12-07

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the embedded web server component used for device management and configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise allowing attackers to execute arbitrary commands, potentially leading to data theft, device takeover, or lateral movement within the network.

🟠

Likely Case

Remote code execution leading to device compromise, data exfiltration, or use as a foothold for further network attacks.

🟢

If Mitigated

Limited impact if devices are isolated, patched, or have restricted network access, though command injection could still affect device functionality.

🌐 Internet-Facing: HIGH - Devices exposed to the internet are directly vulnerable to remote exploitation without authentication.

🏢 Internal Only: HIGH - Even internally, unauthenticated attackers on the network can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Multiple ZDI advisories indicate weaponization is likely given the high CVSS score and unauthenticated nature.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates released after 2021-12-07

Vendor Advisory: https://support.lexmark.com/alerts/

Restart Required: Yes

Instructions:

1. Visit Lexmark support site. 2. Identify your device model. 3. Download latest firmware. 4. Apply firmware update via web interface or management tools. 5. Reboot device.

🔧 Temporary Workarounds

Network segmentation

all

Isolate Lexmark devices on separate VLANs with restricted access

Disable web interface

all

Disable the embedded web server if not required for operations

🧯 If You Can't Patch

Implement strict network access controls to limit device exposure
Monitor device logs for suspicious command execution attempts

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or management console. If version date is 2021-12-07 or earlier, device is vulnerable.

Check Version:

Check via web interface at http://[device-ip]/settings or using Lexmark management tools

Verify Fix Applied:

Verify firmware version shows date after 2021-12-07 and test web interface functionality.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in device logs
Multiple failed authentication attempts followed by command execution

Network Indicators:

HTTP requests with command injection patterns to device web interface
Unexpected outbound connections from printer devices

SIEM Query:

source="lexmark-device" AND (http_uri="*cmd=*" OR http_uri="*;*" OR http_uri="*|*" OR http_uri="*`*" OR http_uri="*$(*")

📊 Metadata

CVE ID: CVE-2021-44735

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

Published: January 20, 2022

Last Updated: November 21, 2024

🔗 References

https://support.lexmark.com/alerts/ Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-326/ Third Party Advisory,VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-329/ Third Party Advisory,VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-330/ Third Party Advisory,VDB Entry
https://support.lexmark.com/alerts/ Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-326/ Third Party Advisory,VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-329/ Third Party Advisory,VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-330/ Third Party Advisory,VDB Entry

📋 TL;DR

💻 Affected Systems

📦 What is this software?

B2236 Firmware by Lexmark

B2338 Firmware by Lexmark

B2442 Firmware by Lexmark

B2546 Firmware by Lexmark

B2650 Firmware by Lexmark

B2865 Firmware by Lexmark

B3340 Firmware by Lexmark

B3442 Firmware by Lexmark

C2240 Firmware by Lexmark

C2325 Firmware by Lexmark

C2326 Firmware by Lexmark

C2425 Firmware by Lexmark

C2535 Firmware by Lexmark

C3224 Firmware by Lexmark

C3326 Firmware by Lexmark

C3426 Firmware by Lexmark

C4150 Firmware by Lexmark

C6160 Firmware by Lexmark

C9235 Firmware by Lexmark

Cs331 Firmware by Lexmark

Cs421 Firmware by Lexmark

Cs431 Firmware by Lexmark

Cs439 Firmware by Lexmark

Cs521 Firmware by Lexmark

Cs622 Firmware by Lexmark

Cs720 Firmware by Lexmark

Cs725 Firmware by Lexmark

Cs727 Firmware by Lexmark

Cs728 Firmware by Lexmark

Cs820 Firmware by Lexmark

Cs827 Firmware by Lexmark

Cs827 Firmware by Lexmark

Cs921 Firmware by Lexmark

Cs923 Firmware by Lexmark

Cs927 Firmware by Lexmark

Cx331 Firmware by Lexmark

Cx421 Firmware by Lexmark

Cx431 Firmware by Lexmark

Cx522 Firmware by Lexmark

Cx622 Firmware by Lexmark

Cx625 Firmware by Lexmark

Cx725 Firmware by Lexmark

Cx727 Firmware by Lexmark

Cx820 Firmware by Lexmark

Cx825 Firmware by Lexmark

Cx860 Firmware by Lexmark

Cx920 Firmware by Lexmark

Cx921 Firmware by Lexmark

Cx922 Firmware by Lexmark

Cx923 Firmware by Lexmark

Cx924 Firmware by Lexmark

M1242 Firmware by Lexmark

M1246 Firmware by Lexmark

M1342 Firmware by Lexmark

M3250 Firmware by Lexmark

M5255 Firmware by Lexmark

M5270 Firmware by Lexmark

Mb2236 Firmware by Lexmark

Mb2338 Firmware by Lexmark

Mb2442 Firmware by Lexmark

Mb2546 Firmware by Lexmark

Mb2650 Firmware by Lexmark

Mb2770 Firmware by Lexmark

Mb3442 Firmware by Lexmark

Mc2325 Firmware by Lexmark

Mc2425 Firmware by Lexmark

Mc2535 Firmware by Lexmark

Mc2640 Firmware by Lexmark

Mc3224 Firmware by Lexmark

Mc3326 Firmware by Lexmark

Mc3426 Firmware by Lexmark

Mc3426 Firmware by Lexmark

Ms321 Firmware by Lexmark

Ms331 Firmware by Lexmark

Ms421 Firmware by Lexmark

Ms431 Firmware by Lexmark

Ms521 Firmware by Lexmark