Security

PrinterLogic fixes high severity flaws in Printer Management Suite

PrinterLogic has addressed nine vulnerabilities in Web Stack and Virtual Appliance, including three high severity flaws.

PrinterLogic has released security updates to address nine vulnerabilities in Web Stack and Virtual Appliance, the most severe ones, tracked as CVE-2021-42631, CVE-2021-42635, and CVE-2021-42638, are rated as high severity flaws (CVSS base score of 8.1).

Below is the list of vulnerabilities fixed by Paranoids:

  • CVE-2021-42631: Object Injection leading to RCE
  • CVE-2021-42635: Hardcoded APP_KEY leading to RCE
  • CVE-2021-42638: Misc command injections leading to RCE
  • CVE-2021-42633: SQLi may disclose audit logs
  • CVE-2021-42637: Blind SSRF
  • CVE-2021-42639: Misc reflected XSS
  • CVE-2021-42640: Driver assignment IDOR
  • CVE-2021-42641: Username/email info disclosure
  • CVE-2021-42642: Printer console username/password info disclosure

An attacker can trigger these three vulnerabilities to remotely execute arbitrary code on vulnerable systems.

CVE-2021-42631 is an object injection flaw, CVE-2021-42635 is a hardcoded APP_KEY issue, while CVE-2021-42638 is miscellaneous command injections. PrinterLogic pointed out that most of the installs are not internet-facing. 

In order to exploit the PrinterLogic Web Stack server, attackers would need a privileged network position, such as access through a VPN or another vulnerability (i.e. SSRF) in an appliance on the edge. 

Experts did not disclose the component affected by the vulnerability in order to give customers some time to address the flaws.

The timeline for the flaws is:

  • April 19th – Set up a testing environment
  • May 4th – Decrypted the Web Stack server code, which allowed us to begin performing source auditing
  • May 6th – Identified initial pre-auth object injection vulnerability (CVE-2021-42631)
  • May 19th – Began Work on developing a full exploitation toolkit around the vulnerability
  • June 4th – Full exploit was completed and ready for operational use

The Paranoids researchers noted that the majority of PrinterLogic installations are not directly accessible from the Internet.

The flaws impact all PrinterLogic Web Stack version 19.1.1.13 SP9 and earlier, and Virtual Appliance version 20.0.1304 and earlier, when used with macOS or Linux endpoint client software.

PrinterLogic addressed the issue with the release of Web Stack version 19.1.1.13-SP10, no client software updates are required for Virtual Appliance. .

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Printer Management Suite)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

DORA Compliance Strategy for Business Leaders

In January 2025, European financial and insurance institutions, their business partners and providers, must comply…

2 hours ago

CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel, Microsoft Windows, Progress Telerik Report…

9 hours ago

City of Cleveland still working to fully restore systems impacted by a cyber attack

Early this week, the City of Cleveland suffered a cyber attack that impacted multiple services.…

14 hours ago

Two Ukrainians accused of spreading Russian propaganda and hack soldiers’ phones

Ukraine’s security service (SBU) detained two individuals accused of supporting Russian intelligence in spreading propaganda…

14 hours ago

Google fixed an actively exploited zero-day in the Pixel Firmware

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively…

1 day ago

Multiple flaws in Fortinet FortiOS fixed

Fortinet released security updates to address multiple vulnerabilities in FortiOS, including a high-severity code execution…

1 day ago

This website uses cookies.