Lexmark has patched its Markvision Enterprise printer management software to mitigate serious vulnerabilities that could allow a remote attacker to execute arbitrary code on the server hosting the product.
Markvision Enterprise is a web-based tool that allows IT professionals to manage up to 20,000 networked printers, regardless of the manufacturer.
One of the flaws is critical: it can be exploited by an unauthenticated attacker to retrieve arbitrary files from the system or cause a denial-of-service (DoS) condition, researchers at Digital Defense said in a blog post.
The software also suffers from an issue that allows an authenticated attacker to upload arbitrary files and execute code with elevated privileges.
Lexmark tracks the issue as CVE-2016-6918 and classifies it as a remote code execution vulnerability. The weaknesses can be chained into a single attack that results in the system being compromised, Lexmark officials said.
When installed, Markvision Enterprise stores an encrypted copy of the user-set administrator credentials in a text file. Separately, the product ships with an older version of Apache Flex BlazeDS that contains a serious vulnerability: specially crafted Action Message Format (AMF) messages can be used to read arbitrary files from the server.
An attacker can use this BlazeDS vulnerability to retrieve the file storing the admin credentials. Those credentials can easily be decrypted and then used to log in to the Markvision Enterprise application.
Once authenticated, the attacker can use the arbitrary file upload vulnerability to place a web shell in the application's root directory, giving them access to the host operating system with SYSTEM privileges.
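The chain described above leaves a recognisable footprint in a web server's access log: an AMF request from a client, followed later by the same client fetching a server-side script file that was never part of the application. The following script is an added example written for this article, not code from Lexmark or Digital Defense. It does two defender-side checks: whether an installed version is at or above the fixed release 2.4.1, and whether any request in a log targets a script file outside a known-good baseline, noting whether that client previously posted to the AMF endpoint. The log lines, the `/mve/messagebroker/amf` endpoint path and the file names are constructed sample data and are assumptions, not Markvision's real paths.

```python
"""Defender-side checks suggested by the Markvision Enterprise advisory.

Added example, not Lexmark's or Digital Defense's code. The endpoint path,
file names and log lines below are constructed for illustration.
"""
import re

FIXED_VERSION = (2, 4, 1)                     # release that fixed the flaws
SCRIPT_EXTENSIONS = (".jsp", ".jspx", ".php", ".aspx")

# Common Log Format with the request line split into method and target.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(text):
    """Turn '2.4.1' (or '2.4') into a comparable tuple of ints."""
    parts = tuple(int(p) for p in re.findall(r"\d+", text))
    return parts or None


def is_patched(version):
    """True if the installed version is 2.4.1 or later."""
    parsed = parse_version(version)
    if parsed is None:
        raise ValueError("unrecognised version string: %r" % version)
    # Tuple comparison is lexicographic, so (2, 4) < (2, 4, 1) < (2, 4, 1, 0).
    return parsed >= FIXED_VERSION


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    match = LOG_RE.match(line)
    if not match:
        return None
    record = match.groupdict()
    record["path"] = record["target"].split("?", 1)[0]   # drop query string
    return record


def find_webshell_candidates(lines, baseline, amf_endpoint="/mve/messagebroker/amf"):
    """Flag requests for script files not in the baseline.

    Each hit records whether the same client earlier POSTed to the AMF
    endpoint, which is the first step of the chain in the advisory.
    """
    clients_seen_at_amf = set()
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["path"] == amf_endpoint:
            clients_seen_at_amf.add(rec["client"])
        if rec["path"].lower().endswith(SCRIPT_EXTENSIONS) and rec["path"] not in baseline:
            hits.append({
                "client": rec["client"],
                "path": rec["path"],
                "after_amf": rec["client"] in clients_seen_at_amf,
            })
    return hits


# Constructed sample log (assumption: the app lives under /mve/).
SAMPLE_LOG = [
    '10.0.0.9 - - [01/Oct/2016:09:58:00 +0000] "GET /mve/index.jsp HTTP/1.1" 200 2048',
    '10.0.0.5 - - [01/Oct/2016:10:00:00 +0000] "POST /mve/messagebroker/amf HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Oct/2016:10:00:05 +0000] "GET /mve/login.jsp HTTP/1.1" 200 1024',
    '10.0.0.5 - - [01/Oct/2016:10:03:00 +0000] "POST /mve/upload HTTP/1.1" 200 10',
    '10.0.0.5 - - [01/Oct/2016:10:03:07 +0000] "GET /mve/x.jsp?a=1 HTTP/1.1" 200 40',
]
KNOWN_GOOD_SCRIPTS = {"/mve/index.jsp", "/mve/login.jsp"}

if __name__ == "__main__":
    for v in ("2.3.5", "2.4", "2.4.1"):
        print(v, "patched" if is_patched(v) else "needs update")
    for hit in find_webshell_candidates(SAMPLE_LOG, KNOWN_GOOD_SCRIPTS):
        print("suspicious script request:", hit)
```

The baseline of known script paths is the important input: on a real deployment it should be generated from a clean install so that anything new under the application root stands out, and the endpoint path should be taken from the actual server configuration rather than the placeholder used here.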
The vulnerabilities found by Digital Defense were fixed in late September with the release of Markvision Enterprise 2.4.1.