Today Digital Defense, Inc. (DDI) is publishing two zero-day vulnerabilities in the Lexmark Markvision Enterprise application that our Vulnerability Research Team discovered and brought to the attention of Lexmark.

Lexmark has worked diligently with DDI to understand, resolve and verify the fixes for these security issues.

Lexmark has released fixes. To obtain Markvision Enterprise v2.4.1 visit: http://www.lexmark.com/markvision

Clients who currently use DDI’s Frontline™ Vulnerability Manager can scan for the presence of these issues by performing a full vulnerability assessment.

Details of the vulnerabilities are as follows:

Vendor: Lexmark
Product: Markvision Enterprise
Versions: 2.3.0
Link: http://www.lexmark.com/markvision

Brief product description: Lexmark Markvision Enterprise Network is printer management software with the ability to manage up to 20,000 printers from multiple vendors.

Summary:

  1. DDI-VRT-2016-73: Unauthenticated XML External Entity Injection via Crafted AMF Message (Critical)
  2. DDI-VRT-2016-74: Authenticated Arbitrary File Upload Remote Code Execution via Crafted AMF Message (requires authentication)

Details:

Vulnerability: Unauthenticated XML External Entity Injection via Crafted AMF Message (CVE-2015-3269, Apache Flex BlazeDS library, blazeds-core-4.6.0.23207.jar)
Impact: Arbitrary file retrieval with SYSTEM privileges, denial of service and full compromise of the Markvision application and host operating system.
Details: No authentication is required to exploit this vulnerability. The Markvision Enterprise web application uses blazeds-core-4.6.0.23207.jar to provide server-side support for the Flash-based web application. The version of this library used by Markvision Enterprise does not prevent the use of XML external entities, which allows an attacker to retrieve arbitrary text files from the system hosting the application with SYSTEM privileges. This vulnerability can be exploited by sending an HTTP POST containing a crafted AMF message to retrieve the encrypted, Base64-encoded admin credentials stored in a text file. The credentials can be easily decrypted, as they are encrypted using the static key “rivet” and an algorithm from the Jasypt Java library.


Vulnerability: Authenticated Arbitrary File Upload via Crafted AMF Message
Impact: Remote code execution with SYSTEM privileges.
Details: Authentication is required to exploit this vulnerability. Authenticated users are able to import assets into the Markvision Enterprise application by uploading a CSV file containing the asset information, such as IP address and hostname. When the file is uploaded, the application appends the current time in milliseconds and the “.csv” extension to the original filename of the uploaded file before storing it. If a single null byte is appended to the original filename, the file is stored under its original filename, without the time in milliseconds or the “.csv” extension being appended. Additionally, by prepending one or more “../” (dot-dot-slash) sequences and then an arbitrary path to the filename, the attacker can write the uploaded file anywhere on the filesystem with SYSTEM privileges.

By appending the null byte to the filename and using the directory traversal sequence, an attacker can write a web shell into the Markvision Enterprise web application’s root directory, giving the attacker shell access to the hosting OS with SYSTEM privileges. None of the uploadFile methods attempt to sanitize the attacker controlled filename or file content, other than attempting to control part of the filename and the file extension which is easily bypassed.
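The filename handling described above, modelled as an added Python example (constructed here, not Markvision Enterprise's own code): naive_stored_path mirrors the weak "name + millis + .csv" scheme, effective_os_path shows what the OS actually opens once a NUL byte truncates the name, and check_upload_name/safe_stored_path are a hardened replacement that rejects the bypass and re-verifies containment. UPLOAD_DIR and all sample names are assumed placeholders.

```python
import os
import re
from typing import Optional

# Constructed illustration of the advisory's upload scheme, not vendor code.
UPLOAD_DIR = "/opt/mve/uploads"                # assumed location (placeholder)
STEM_OK = re.compile(r"[A-Za-z0-9_-]{1,64}")   # no dots, no path separators


def naive_stored_path(original: str, millis: int) -> str:
    """Weak scheme from the advisory: trust the client-supplied name and
    append a timestamp plus '.csv'.  The suffix alone protects nothing."""
    return os.path.join(UPLOAD_DIR, f"{original}{millis}.csv")


def effective_os_path(path: str) -> str:
    """What a C-level open() actually sees: everything after the first NUL
    byte is dropped (so the appended suffix vanishes), then '..' resolves."""
    return os.path.normpath(path.split("\x00", 1)[0])


def _stem(original: str) -> str:
    return original[:-4] if original.lower().endswith(".csv") else original


def check_upload_name(original: str) -> Optional[str]:
    """Return a rejection reason (suitable for a log line or alert),
    or None if the name is acceptable under the hardened scheme."""
    if "\x00" in original:
        return "nul byte"
    if "/" in original or "\\" in original:
        return "path separator"
    if not STEM_OK.fullmatch(_stem(original)):
        return "disallowed characters"
    return None


def safe_stored_path(original: str, millis: int) -> str:
    """Hardened form: validate, rebuild the name from the whitelisted stem,
    and re-check that the final path is still inside UPLOAD_DIR."""
    reason = check_upload_name(original)
    if reason is not None:
        raise ValueError(f"rejected upload filename: {reason}")
    path = os.path.join(UPLOAD_DIR, f"{_stem(original)}-{millis}.csv")
    if os.path.commonpath([UPLOAD_DIR, os.path.normpath(path)]) != UPLOAD_DIR:
        raise ValueError("path escapes upload directory")
    return path
```

The rejection reason from check_upload_name is the value worth logging: a NUL byte or separator in an asset-import filename has no legitimate use and is a clean detection signal for this class of upload abuse.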
