Zero-Day Discovery within Lexmark Markvision Enterprise Application Disclosed by Digital Defense, Inc.

October 18, 2016
Digital Defense, Inc. (DDI), a leading provider of Vulnerability Management as a Service (VMaaS™), disclosed the discovery of two security vulnerabilities found in the Lexmark Markvision Enterprise application. The vulnerabilities can be leveraged to pull encrypted administrative credentials and decrypt them with an obtainable static key, allowing remote administrative access to the interface. If the vulnerabilities are exploited, a cybercriminal would have SYSTEM privileges to run remote code, retrieve arbitrary files, and perform denial of service, potentially disrupting an organization’s operations.
Collaborating with DDI, Lexmark has provided the following information to assist clients with remediation. To obtain Markvision Enterprise v2.4.1, please visit 
About the Vulnerabilities
Details surrounding the vulnerabilities are available on the DDI website. Additionally, DDI’s patented scanning technology is capable of detecting all of these vulnerabilities with explicit network tests for the affected network services.
Digital Defense Research Methodology and Practices
DDI’s Vulnerability Research Team (VRT) regularly works with organizations in the responsible disclosure of zero-day vulnerabilities. The expertise of DDI’s VRT, when coupled with the company’s next generation hybrid cloud platform, Frontline™ Vulnerability Manager, enables early detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and then assists, wherever possible, with the vendor’s remediation actions.
“Security vulnerabilities in printers and network devices continue to be a blind spot for most organizations,” states Mike Cotton, DDI Vice President of Research and Development. “They continue to serve as a conduit for the most important information companies possess. As companies continue to lock down their security posture, it’s important they take steps to secure these systems as well.”
About Digital Defense
Founded in 1999, Digital Defense, Inc. (DDI) is a trusted provider of managed security risk assessment solutions, protecting billions of dollars in assets for clients around the globe, including those in highly regulated industries such as healthcare, financial and retail; as well as those entrusted with sensitive data, such as legal and energy sector members. DDI’s unique Vulnerability Management as a Service (VMaaS™) model delivers consistently accurate vulnerability scanning and penetration testing, while its security awareness training promotes employees’ security-minded behavior. DDI security solutions are highly regarded by industry experts, as illustrated by the company’s top 25 ranking (#21) in Cybersecurity Ventures’ list of the World’s 500 Hottest Cybersecurity Companies, as well as inclusion in CSO Outlook’s Top 10 Network Security Companies and CIO Review’s 20 Most Promising Cyber Security Solutions. Contact DDI at 888-273-1412 or; and connect with us on LinkedIn, Twitter and Blog.
Digital Defense and the Shield Logo are Registered Service Marks of Digital Defense, Inc. All other trademarks are the property of their respective owners.