Lexmark has released an update for its Markvision Enterprise printer management software to address serious vulnerabilities that could allow a remote attacker to execute arbitrary code on the server hosting the product.
Markvision Enterprise is a web-based tool that allows IT professionals to manage up to 20,000 networked printers, regardless of the manufacturer.
Researchers at Digital Defense discovered that the product is affected by a critical vulnerability that can be exploited by an unauthenticated attacker to retrieve arbitrary files from the system or cause a denial-of-service (DoS) condition. Experts said the software is also impacted by an issue that allows an authenticated hacker to upload arbitrary files and execute code with elevated privileges.
Lexmark has described Digital Defense’s findings as a remote code execution vulnerability, which the company tracks as CVE-2016-6918. According to the printer giant, several weaknesses can be combined to conduct an attack that results in the system getting compromised.
When installed, Markvision Enterprise stores an encrypted copy of the user-set administrator credentials in a text file. One of the problems is that the product uses an older version of Apache Flex BlazeDS that has a serious vulnerability. The flaw in question, tracked as CVE-2015-3269, can be exploited to read arbitrary files via specially crafted Action Message Format (AMF) messages.
An attacker can exploit this BlazeDS vulnerability to retrieve the file storing the admin credentials. The credentials can be easily decrypted and then used to log in to the Markvision Enterprise application.
Once authenticated, the hacker can exploit an arbitrary file upload vulnerability to place a web shell in the application’s root directory, giving them access to the host operating system with SYSTEM privileges. According to Lexmark, this vulnerability is similar to CVE-2014-8741, which the company patched in December 2014.
The vulnerabilities found by Digital Defense were resolved in late September with the release of Markvision Enterprise 2.4.1. Lexmark says it’s not aware of any attacks in the wild.
As a workaround, users can change the Markvision Enterprise admin password after installation. The encrypted password stored in the text file is not updated after installation, preventing attackers from obtaining the credentials.
Related: Hackers Can Hijack Dell Email Security Appliances
Related: Critical Flaws Found in Dell SonicWALL Product
Related: EMC Patches Critical Flaws in VMAX Storage Products
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations
- Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
- OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers
- New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats
- Rheinmetall Says Military Business Not Impacted by Ransomware Attack
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
