CVE-2021-44738

Q: What is the severity of CVE-2021-44738?

CVE-2021-44738 has a CVSS score of 9.8 (CRITICAL). A buffer overflow vulnerability in Lexmark printer postscript interpreters allows remote code execution. Attackers can exploit this by sending specially crafted print jobs to affected Lexmark devices. Organizations using Lexmark printers through 2021-12-07 are vulnerable.

9.8 CRITICAL

Remote Code Execution Buffer Overflow

📋 TL;DR

A buffer overflow vulnerability in Lexmark printer postscript interpreters allows remote code execution. Attackers can exploit this by sending specially crafted print jobs to affected Lexmark devices. Organizations using Lexmark printers through 2021-12-07 are vulnerable.

💻 Affected Systems

Products:

Lexmark printers with postscript interpreter

Versions: All versions through 2021-12-07

Operating Systems: Embedded printer firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with postscript interpreter enabled. Check specific models on Lexmark advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent attacker access, lateral movement into corporate networks, and data exfiltration.

🟠

Likely Case

Remote code execution allowing attackers to disrupt printing services, install malware, or use devices as network footholds.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH - Printers exposed to internet can be directly exploited without authentication.

🏢 Internal Only: MEDIUM - Requires internal network access but exploitation is unauthenticated.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Multiple ZDI advisories indicate weaponization likely. Exploitation requires sending malicious print job.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates after 2021-12-07

Vendor Advisory: https://support.lexmark.com/alerts/

Restart Required: Yes

Instructions:

1. Visit Lexmark support site. 2. Identify your printer model. 3. Download latest firmware. 4. Upload firmware to printer via web interface. 5. Reboot printer.

🔧 Temporary Workarounds

Disable PostScript

all

Disable PostScript interpreter if not required for printing needs

Network Segmentation

all

Isolate printers on separate VLAN with restricted access

🧯 If You Can't Patch

Implement strict network access controls allowing only trusted hosts to communicate with printers
Monitor printer network traffic for anomalous print job patterns

🔍 How to Verify

Check if Vulnerable:

Check firmware version date in printer web interface. If before 2021-12-07, likely vulnerable.

Check Version:

Check via printer web interface: Settings > Device > About or similar menu

Verify Fix Applied:

Confirm firmware version date is after 2021-12-07 in printer settings.

📡 Detection & Monitoring

Log Indicators:

Unusual print job failures
PostScript interpreter crashes
Multiple failed print attempts from single source

Network Indicators:

Large or malformed print jobs to Lexmark printers
Unexpected network connections from printers

SIEM Query:

source="printer_logs" AND (event="postscript_error" OR event="buffer_overflow")

📊 Metadata

CVE ID: CVE-2021-44738

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: January 20, 2022

Last Updated: November 21, 2024

🔗 References

https://support.lexmark.com/alerts/ Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-327/ Third Party Advisory,VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-328/ Third Party Advisory,VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-382/ Third Party Advisory,VDB Entry
https://support.lexmark.com/alerts/ Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-327/ Third Party Advisory,VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-328/ Third Party Advisory,VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-382/ Third Party Advisory,VDB Entry

📋 TL;DR

💻 Affected Systems

📦 What is this software?

6500e Firmware by Lexmark

B2236 Firmware by Lexmark

B2338 Firmware by Lexmark

B2442 Firmware by Lexmark

B2546 Firmware by Lexmark

B2650 Firmware by Lexmark

B2865 Firmware by Lexmark

B3340 Firmware by Lexmark

B3442 Firmware by Lexmark

C2132 Firmware by Lexmark

C2240 Firmware by Lexmark

C2325 Firmware by Lexmark

C2326 Firmware by Lexmark

C2425 Firmware by Lexmark

C2535 Firmware by Lexmark

C3224 Firmware by Lexmark

C3326 Firmware by Lexmark

C3426 Firmware by Lexmark

C4150 Firmware by Lexmark

C6160 Firmware by Lexmark

C734 Firmware by Lexmark

C736 Firmware by Lexmark

C746 Firmware by Lexmark

C748 Firmware by Lexmark

C792 Firmware by Lexmark

C9235 Firmware by Lexmark

C925 Firmware by Lexmark

C950 Firmware by Lexmark

Cs310 Firmware by Lexmark

Cs317 Firmware by Lexmark

Cs331 Firmware by Lexmark

Cs410 Firmware by Lexmark

Cs417 Firmware by Lexmark

Cs421 Firmware by Lexmark

Cs431 Firmware by Lexmark

Cs439 Firmware by Lexmark

Cs510 Firmware by Lexmark

Cs517 Firmware by Lexmark

Cs521 Firmware by Lexmark

Cs622 Firmware by Lexmark

Cs720 Firmware by Lexmark

Cs725 Firmware by Lexmark

Cs727 Firmware by Lexmark

Cs728 Firmware by Lexmark

Cs748 Firmware by Lexmark

Cs796 Firmware by Lexmark

Cs820 Firmware by Lexmark

Cs827 Firmware by Lexmark

Cs827 Firmware by Lexmark

Cs921 Firmware by Lexmark

Cs923 Firmware by Lexmark

Cs927 Firmware by Lexmark

Cx310 Firmware by Lexmark

Cx317 Firmware by Lexmark

Cx331 Firmware by Lexmark

Cx410 Firmware by Lexmark

Cx417 Firmware by Lexmark

Cx421 Firmware by Lexmark

Cx431 Firmware by Lexmark

Cx510 Firmware by Lexmark

Cx517 Firmware by Lexmark

Cx522 Firmware by Lexmark

Cx622 Firmware by Lexmark

Cx625 Firmware by Lexmark

Cx725 Firmware by Lexmark

Cx727 Firmware by Lexmark

Cx820 Firmware by Lexmark

Cx825 Firmware by Lexmark

Cx860 Firmware by Lexmark

Cx920 Firmware by Lexmark

Cx921 Firmware by Lexmark

Cx922 Firmware by Lexmark

Cx923 Firmware by Lexmark

Cx924 Firmware by Lexmark

E46x Firmware by Lexmark

M1140\+ Firmware by Lexmark

M1140\+ Firmware by Lexmark