CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0965 (93.1th percentile)
Risk Priority: 25 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2021-44738 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Lexmark Mc3426 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 6.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Vulnerability details
A buffer overflow vulnerability has been identified in the PostScript interpreter of Lexmark devices through 2021-12-07.
CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
lexmark · b2236 firmware · ≤ mslsg.076.294
lexmark · mb2236 firmware · ≤ mxlsg.076.294
lexmark · ms431 firmware · ≤ mslbd.076.294
lexmark · ms331 firmware · ≤ mslbd.076.294
lexmark · m1342 firmware · ≤ mslbd.076.294
lexmark · b3442 firmware · ≤ mslbd.076.294
lexmark · b3340 firmware · ≤ mslbd.076.294
lexmark · xm1342 firmware · ≤ mslbd.076.294
lexmark · mx331 firmware · ≤ mxlbd.076.294
lexmark · mx431 firmware · ≤ mxlbd.076.294
+224 more product configuration(s) — see NVD for full list
Mitigating Controls
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.