CVE-2014-9375

Lexmark Markvision Enterprise LibraryFileUploadServlet Remote Code Execution Vulnerability

Severity Score

9.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.

Vulnerabilidad de salto de directorio en el servlet LibraryFileUploadServlet en Lexmark Markvision Enterprise permite a usuarios remotos autenticados escribir a y ejecutar ficheros arbitrarios a través de un .. (punto punto) en la ruta de un fichero en un archivo ZIP.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lexmark MarkVision Enterprise. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the LibraryFileUploadServlet servlet. By supplying a crafted ZIP archive which includes directory traversal in the archive filenames, an attacker is able to upload files to any location on the system. An attacker could leverage this to execute arbitrary code as SYSTEM.

*Credits: Andrea Micalizzi (rgod)

CVSS Scores

NISTv2 9.0

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-12-11 CVE Reserved
2015-02-13 CVE Published
2024-08-06 CVE Updated
2024-11-12 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (2)

URL	Tag	Source
http://www.zerodayinitiative.com/advisories/ZDI-15-046	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://support.lexmark.com/index?page=content&id=TE677	2015-02-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Lexmark Search vendor "Lexmark"		Markvision Enterprise Search vendor "Lexmark" for product "Markvision Enterprise"				-		-		Affected