Lexmark MarkVision Enterprise < 2.1 Multiple Vulnerabilities

Critical Nessus Plugin ID 80203


The remote web application is affected by multiple vulnerabilities.


The version of Lexmark MarkVision Enterprise installed on the remote host is prior to 2.1.0. It is, therefore, affected by the following vulnerabilities :

- A remote code execution vulnerability due to improper handling of user input to the 'GfdFileUploadServerlet' servlet. (CVE-2014-8741)

- An information disclosure vulnerability due to improper handling of user input to the 'ReportDownloadServlet' servlet. (CVE-2014-8742)


Upgrade to Lexmark MarkVision Enterprise 2.1.0 or later.

See Also





Plugin Details

Severity: Critical

ID: 80203

File Name: lexmark_markvision_enterprise_2_1.nasl

Version: $Revision: 1.5 $

Type: remote

Family: Misc.

Published: 2014/12/22

Modified: 2015/02/26

Dependencies: 66326

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:lexmark:markvision

Required KB Items: www/lexmark_markvision_enterprise

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/12/09

Vulnerability Publication Date: 2014/12/09

Exploitable With

Metasploit (Lexmark MarkVision Enterprise Arbitrary File Upload)

Elliot (Lexmark MarkVision Enterprise 2.0 File Upload)

Reference Information

CVE: CVE-2014-8741, CVE-2014-8742

BID: 71623, 71625

OSVDB: 115622, 115623