Official CERT website for the Republic of Uganda
Lexmark Patches Critical Flaw in Printer Management Tool
Lexmark has released an update for its Markvision Enterprise printer management software to address serious vulnerabilities that could allow a remote attacker to execute arbitrary code on the server hosting the product.
Markvision Enterprise is a web-based tool that allows IT professionals to manage up to 20,000 networked printers, regardless of the manufacturer.
Researchers at Digital Defense discovered that the product is affected by a critical vulnerability that can be exploited by an unauthenticated attacker to retrieve arbitrary files from the system or cause a denial-of-service (DoS) condition. Experts said the software is also impacted by an issue that allows an authenticated hacker to upload arbitrary files and execute code with elevated privileges.
Lexmark has described Digital Defense’s findings as a remote code execution vulnerability, which the company tracks as CVE-2016-6918. According to the printer giant, several weaknesses can be combined to conduct an attack that results in the system getting compromised.
For more information Critical Flaw in Printer Management Tool