Zero-Day Discovery within Lexmark Markvision Enterprise Application

By Fortra's Digital Defense

San Antonio, TX – October 18, 2016 Digital Defense, Inc. (DDI), a leading provider of Vulnerability Management as a Service (VMaaS™), disclosed the discovery of two security vulnerabilities found in the Lexmark Markvision Enterprise application. The vulnerabilities can be leveraged to pull encrypted administrative credentials and decrypt with an obtainable static key, allowing remote administrative access to the interface. If exploited, a cybercriminal would have SYSTEM privileges to run remote code, retrieve arbitrary files, and perform denial of service potentially disrupting an organization’s operations.

 

Collaborating with DDI, Lexmark has provided the following information to assist clients with remediation. To obtain Markvision Enterprise v2.4.1, please visit https://www.lexmark.com/markvision.

 

About the Vulnerabilities
Details surrounding the vulnerabilities are available on our blog. Additionally, DDI’s patented scanning technology is capable of detecting all of these vulnerabilities with explicit network tests for the affected network services.


Digital Defense Research Methodology and Practices
DDI’s Vulnerability Research Team (VRT) regularly works with organizations in the responsible disclosure of zero-day vulnerabilities. The expertise of DDI’s VRT, when coupled with the company’s next generation hybrid cloud platform, FrontlineVulnerability Manager, enables early detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and then assists, wherever possible, with the vendor’s remediation actions.

 

"Security vulnerabilities in printers and network devices continue to be a blind spot for most organizations" states Mike Cotton, DDI Vice President of Research and Development. "They continue to serve as a conduit for the most important information companies possess.  As companies continue to lock down their security posture, it’s important they take steps to secure these systems as well."

 

favicon

Try Frontline.Cloud™ with a Free 14-Day Evaluation

Share This