Vulnerabilities in PrinterLogic could allow attackers to perform Remote Code Execution
- PrinterLogic's software does not validate the SSL certificate, verify the integrity of the code, or sanitize special characters.
- This allows an attacker to reconfigure the software and remotely execute arbitrary code.
Vulnerabilities in PrinterLogic Print Management software could allow an attacker to reconfigure the software and remotely execute arbitrary code.
What are the vulnerabilities?
- The vulnerability tracked as (CVE-2018-5408) is due to not validating, or incorrectly validating, the PrinterLogic management portal's SSL certificate. This could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
- The vulnerability tracked as (CVE-2018-5409) arises as the software does not verify the origin and integrity of the code before updating or executing it. This could allow an attacker to execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.
- The vulnerability tracked as (CVE-2019-9505) arises because of not sanitizing special characters. This could allow an attacker to remotely make unauthorized changes to configuration files.
Which version is impacted?
The vulnerability has impacted all PrinterLogic agent versions up to 188.8.131.52.
Patch not available
Security update to fix the vulnerabilities is currently not available. However, to avoid MiTM attacks, users should consider using 'always on' VPN. It is also recommended to enforce application whitelisting on the endpoint to prevent the execution of malicious code through the PrinterLogic agent.