Multiple Vulnerabilities In PrinterLogic Software Could Allow Remote Code Execution

According to a recently released advisory, multiple security vulnerabilities have been found in PrinterLogic Print Management Software. As many as three different vulnerabilities in PrinterLogic Software could allow remote code execution by a potential attacker.

PrinterLogic Software Vulnerabilities

A CERT/CC security advisory highlights three different vulnerabilities in PrinterLogic Software. These security flaws existed as the Print Management Software failed to validate the SSL certificate.

As stated in the advisory, these vulnerabilities could let an attacker execute code remotely.

“An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges.”

The first of the three vulnerabilities (CVE-2018-5408) existed due to improper certificate validation.

“The PrinterLogic Print Management software does not validate, or incorrectly validates, the PrinterLogic management portal’s SSL certificate.”

This could allow an attacker to spoof a trusted entity through man-in-the-middle (MitM) attacks.

The second vulnerability, CVE-2018-5409, could result in the software downloading code without checking its origin or integrity. This could allow an attacker to perform DNS spoofing, compromise the host server, or modify code in transit.

The third vulnerability (CVE-2019-9505) occurred due to the software’s failure to sanitize special characters.

“PrinterLogic Print Management software does not sanitize special characters allowing for remote unauthorized changes to configuration files.”
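The checks whose absence the first two flaws describe, certificate validation and integrity verification of downloaded code, look like this in a generic client. This is an added illustration, not PrinterLogic code or code from the advisory; the function names, the sample payload and the assumption that a pinned SHA-256 digest is available out of band are all hypothetical.

```python
import hashlib
import hmac
import ssl


def unverified_context() -> ssl.SSLContext:
    """Flawed pattern: any certificate, for any hostname, is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context() -> ssl.SSLContext:
    """Corrected pattern: chain and hostname are both checked (the defaults)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the validation gaps in a TLS client context (empty list = none)."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("certificate chain not verified")
    if not ctx.check_hostname:
        gaps.append("hostname not checked")
    return gaps


def verify_payload(payload: bytes, pinned_sha256: str) -> bytes:
    """Return payload only if it matches a digest obtained out of band.

    Assumption: pinned_sha256 comes from a source the network path cannot
    alter (for example a signed manifest), not from the same download.
    """
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise ValueError("payload digest mismatch, refusing to install")
    return payload


# Constructed sample data, not a real update package.
GOOD = b"constructed-update-v1"
PINNED = hashlib.sha256(GOOD).hexdigest()
```

A digest fetched over the same unauthenticated channel as the payload protects nothing, which is why the pinned value has to come from a separately trusted source.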

Patches To Arrive Shortly

The flaws allegedly affect all PrinterLogic Software versions up to and including 18.3.1.96. All these software versions remain vulnerable to multiple attacks.

For now, no patches are available for the three bugs. Nonetheless, users should update to the latest patched version as soon as it is available.

Meanwhile, users can apply security procedures to mitigate cyber threats, such as using an ‘always-on’ VPN to prevent MitM attacks. As recommended,

“Consider using ‘always on’ VPN to prevent some of the MITM scenarios and enforce application whitelisting on the endpoint to prevent the PrinterLogic agent from executing malicious code.”
