VAR-201502-0017
Vulnerability from variot - Updated: 2023-12-18 14:01Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LibraryFileUploadServlet servlet. An attacker could leverage this to execute arbitrary code as SYSTEM. Lexmark Markvision Enterprise is a web-based network device management software from Lexmark. This software is mainly used to manage network devices such as printers, such as providing some printer drivers for Unix systems. Failed attacks may cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "markvision enterprise",
"scope": null,
"trust": 2.1,
"vendor": "lexmark",
"version": null
},
{
"model": "markvision enterprise",
"scope": "eq",
"trust": 1.9,
"vendor": "lexmark",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-046"
},
{
"db": "CNVD",
"id": "CNVD-2015-01280"
},
{
"db": "BID",
"id": "72726"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007899"
},
{
"db": "NVD",
"id": "CVE-2014-9375"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-341"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lexmark:markvision_enterprise:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9375"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi (rgod)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-046"
},
{
"db": "BID",
"id": "72726"
}
],
"trust": 1.0
},
"cve": "CVE-2014-9375",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-9375",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-01280",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-9375",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-9375",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-01280",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-341",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-046"
},
{
"db": "CNVD",
"id": "CNVD-2015-01280"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007899"
},
{
"db": "NVD",
"id": "CVE-2014-9375"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-341"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LibraryFileUploadServlet servlet. An attacker could leverage this to execute arbitrary code as SYSTEM. Lexmark Markvision Enterprise is a web-based network device management software from Lexmark. This software is mainly used to manage network devices such as printers, such as providing some printer drivers for Unix systems. Failed attacks may cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9375"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007899"
},
{
"db": "ZDI",
"id": "ZDI-15-046"
},
{
"db": "CNVD",
"id": "CNVD-2015-01280"
},
{
"db": "BID",
"id": "72726"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9375",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-15-046",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007899",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2648",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-01280",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201502-341",
"trust": 0.6
},
{
"db": "BID",
"id": "72726",
"trust": 0.3
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-046"
},
{
"db": "CNVD",
"id": "CNVD-2015-01280"
},
{
"db": "BID",
"id": "72726"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007899"
},
{
"db": "NVD",
"id": "CVE-2014-9375"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-341"
}
]
},
"id": "VAR-201502-0017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01280"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01280"
}
]
},
"last_update_date": "2023-12-18T14:01:55.174000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TE677",
"trust": 0.8,
"url": "http://support.lexmark.com/index?page=content\u0026id=te677"
},
{
"title": "Lexmark has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://support.lexmark.com/index?page=content\u0026id=te677\u0026locale=en\u0026userlocale=en_us"
},
{
"title": "Lexmark Markvision Enterprise LibraryFileUploadServlet servlet directory traversal vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/55555"
},
{
"title": "MVE-2.1.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54214"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-046"
},
{
"db": "CNVD",
"id": "CNVD-2015-01280"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007899"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-341"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007899"
},
{
"db": "NVD",
"id": "CVE-2014-9375"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-046/"
},
{
"trust": 1.6,
"url": "http://support.lexmark.com/index?page=content\u0026id=te677"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9375"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9375"
},
{
"trust": 0.7,
"url": "http://support.lexmark.com/index?page=content\u0026id=te677\u0026locale=en\u0026userlocale=en_us"
},
{
"trust": 0.3,
"url": "http://www1.lexmark.com/en_us/software/markvision/index.shtml"
},
{
"trust": 0.3,
"url": "http://support.lexmark.com/index?page=content\u0026id=te677\u0026locale=en\u0026userlocale=en_us "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-046"
},
{
"db": "CNVD",
"id": "CNVD-2015-01280"
},
{
"db": "BID",
"id": "72726"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007899"
},
{
"db": "NVD",
"id": "CVE-2014-9375"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-341"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-046"
},
{
"db": "CNVD",
"id": "CNVD-2015-01280"
},
{
"db": "BID",
"id": "72726"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007899"
},
{
"db": "NVD",
"id": "CVE-2014-9375"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-341"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-13T00:00:00",
"db": "ZDI",
"id": "ZDI-15-046"
},
{
"date": "2015-02-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01280"
},
{
"date": "2015-02-13T00:00:00",
"db": "BID",
"id": "72726"
},
{
"date": "2015-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007899"
},
{
"date": "2015-02-16T15:59:00.057000",
"db": "NVD",
"id": "CVE-2014-9375"
},
{
"date": "2015-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-341"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-13T00:00:00",
"db": "ZDI",
"id": "ZDI-15-046"
},
{
"date": "2015-02-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01280"
},
{
"date": "2015-02-13T00:00:00",
"db": "BID",
"id": "72726"
},
{
"date": "2015-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007899"
},
{
"date": "2015-02-17T20:16:18.947000",
"db": "NVD",
"id": "CVE-2014-9375"
},
{
"date": "2015-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-341"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-341"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lexmark Markvision Enterprise of LibraryFileUploadServlet Directory traversal vulnerability in servlets",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007899"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-341"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…