Lexmark Markvision Enterprise Remote Command Execution

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote web server has a web application that is affected by a
remote command execution vulnerability.

Description :

The version of Lexmark Markvision installed on the remote host is
earlier than 1.8.0 and gets installed with a Groovy Shell (intended for
diagnostic purposes) that binds to TCP port 9789. This could allow
for commands to be executed by an unauthenticated, remote attacker.

Note that this plugin does not verify that Groovy Shell is listening and
instead only does a version check of Lexmark Markvision install.

See also :


Solution :

Upgrade to Lexmark Markvision 1.8.0 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 66328 ()

Bugtraq ID: 59513

CVE ID: CVE-2013-3055

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now