Lexmark Security Advisory:
Revision: 1.0
Last Update: 22 April 2013
Public Release Date: 22 April 2013
Unauthorized access vulnerability
MarkVision Enterprise contains a vulnerability that allows an unauthenticated remote attacker to access and modify configuration data and fleet management information, in addition to executing commands within the application.
MarkVision Enterprise; for specific details see “Software Versions & Fixes”.
MarkVision Enterprise is a tool that gives IT professionals the ability to track and monitor thousands of print devices. In some versions of MarkVision Enterprise a diagnostic port is active and listening on TCP port 9789. This port provides unauthenticated access to application data and the ability to execute code within the application framework.
Successful exploitation of this vulnerability can lead to the disclosure of user and device data stored in the MarkVision Enterprise database, and the ability to execute code within the MarkVision platform.
Vulnerability Scoring Details
CVSS Base Score 9.3
Complete
CVSS scores are calculated in accordance with CVSS version 2.0.
Block access to port 9789 on the computer which hosts the MarkVision Enterprise server. Please contact the Lexmark Technical Support Center at 1-800-539-6275 for additional information.
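One way to confirm the workaround is in place, as an added example that is not part of Lexmark's advisory: run from a network segment that should no longer reach the server, the script attempts a TCP connection to port 9789 on each listed host and reports which ones still accept it. The host addresses and function names are placeholders chosen for this example.

```python
import socket

DIAG_PORT = 9789  # diagnostic port named in the advisory


def probe(host, port=DIAG_PORT, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "reachable"      # handshake completed: port is still exposed
    except ConnectionRefusedError:
        return "refused"            # connection actively rejected (RST)
    except (socket.timeout, TimeoutError):
        return "filtered"           # no answer: typical of a dropping firewall
    except OSError:
        return "error"              # no route, name resolution failure, etc.


def audit(hosts, port=DIAG_PORT, timeout=3.0):
    """Probe every host and return {host: state}."""
    return {h: probe(h, port, timeout) for h in hosts}


def still_exposed(results):
    """Hosts whose diagnostic port accepted a connection."""
    return sorted(h for h, state in results.items() if state == "reachable")


if __name__ == "__main__":
    # Placeholder addresses (documentation range); replace with your own
    # MarkVision Enterprise servers.
    servers = ["192.0.2.10", "192.0.2.11"]
    results = audit(servers)
    for host, state in results.items():
        print(f"{host}:{DIAG_PORT} {state}")
    exposed = still_exposed(results)
    raise SystemExit(1 if exposed else 0)
```

A "refused" or "filtered" result only reflects the path from the machine running the check, so repeat it from each network that should be blocked.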
Software Versions and Fixes
The vulnerability described in this advisory has been fixed in MarkVision Enterprise v1.8 and all future releases.
Obtaining Updated Software
To obtain MarkVision Enterprise v1.8, please navigate to http://www.lexmark.com/markvision.
Exploitation and Public Announcements
Lexmark is not aware of any malicious use of the vulnerability described in this advisory. Information about this vulnerability has not been published by others previous to this advisory.
Status of this Notice
This document is provided on an "as is" basis and is provided without any express or implied guarantee or warranty whatsoever, including but not limited to the warranties of merchantability and fitness for a particular use or purpose. Lexmark reserves the right to change or update this document at any time.
This advisory is posted on Lexmark’s web site at http://support.lexmark.com/alerts. Future updates to this document will be posted on Lexmark’s web site at the same location.
Revision Date Reason
1.0 4/22/13 Initial Publication