Researchers at Sygnia Consulting security have found that flaws in the PrinterLogic Print Management software could let an invader perform code remotely on endpoints.

The key problem is that the software does not authenticate SSL and software update certificates, which could let an invader reconfigure the software. Additionally, the PrinterLogic agent is unable to disinfect browser input, which could be harmed by a distant invader to adjust configuration settings.

With a CVSS score of 7.8, the issues have a high severity rating, according to a susceptibility note on the CERT Coordination Center website.

The first of the exposed flaws is traced as CVE-2018-5408, and resides in the PrinterLogic Print Management software not authenticating, or erroneously validating, the PrinterLogic management portal’s SSL certificate.

Therefore, an invader could influence an invalid or spiteful certificate to spoof a reliable object through a man-in-the-middle (MiTM) attack. The software could be deceived into connecting to a hateful host or into accepting spoofed data that seems to originate from a reliable host.

The second flaw, CVE-2018-5409, sits in the software updating and performing code without adequately confirming its source and veracity. This could allow an attacker to perform spiteful code by bargaining the host server, performing DNS spoofing, or adapting the code in transit.

The third issue, tracked as CVE-2019-9505, is that the software does not disinfect special characters, which allows for distant unlawful changes to configuration files.

By maltreating these flaws, an unauthenticated invader may be able to remotely perform arbitrary code with system privileges.

Affected users are directed to update their PrinterLogic Print Management software as soon as patches become available.

To avoid MiTM situations, users should consider using ‘always on’ VPN. They should also apply application whitelisting on the endpoint to avert the implementation of spiteful code through the PrinterLogic agent.

Leave a Reply

Your email address will not be published. Required fields are marked *