Lexmark Markvision Enterprise Diagnostic Port Vulnerability

by Carol~ Moderator - 4/30/13 10:36 AM

In Reply to: VULNERABILITIES / FIXES - April 30, 2013 by Carol~ Moderator

Release Date : 2013-04-30

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status: Vendor Patch

Software: Lexmark MarkVision Enterprise 1.x

Description:
A vulnerability has been reported in Lexmark Markvision Enterprise, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by the application not properly restricting access to a diagnostic port, which can be exploited to disclose and manipulate configuration data and fleet management information or execute arbitrary code within the application framework via TCP port 9789.

The vulnerability is reported in versions prior to 1.8.

Solution:
Update to version 1.8.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://support.lexmark.com/index?page=content&id=TE530

http://secunia.com/advisories/53185/