Directory Traversal Vulnerability in Lexmark MarkVision Enterprise
CVE-2014-8741

9.8CRITICAL

Key Information:

Vendor: Lexmark
Status: Markvision Enterprise
Vendor: CVE Published:; 27 January 2020

Summary

A directory traversal vulnerability exists in the GfdFileUploadServerlet servlet of Lexmark MarkVision Enterprise versions prior to 2.1. This flaw permits remote attackers to exploit the system by writing malicious files to arbitrary locations, potentially compromising sensitive data and system integrity. Attackers may utilize unspecified vectors to bypass security controls, emphasizing the need for immediate security measures and system updates to mitigate risks.

References

http://support.lexmark.com/index?page=content&id=TE666

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-14-410/

x_refsource_MISC

EPSS Score

70% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2020
Vulnerability Reserved
Nov 13, 2014