PrinterLogic has released security updates to address nine vulnerabilities in Web Stack and Virtual Appliance, the most severe ones, tracked as CVE-2021-42631, CVE-2021-42635, and CVE-2021-42638, are rated as high severity flaws (CVSS base score of 8.1).
Below is the list of vulnerabilities fixed by Paranoids:
An attacker can trigger these three vulnerabilities to remotely execute arbitrary code on vulnerable systems.
CVE-2021-42631 is an object injection flaw, CVE-2021-42635 is a hardcoded APP_KEY issue, while CVE-2021-42638 is miscellaneous command injections. PrinterLogic pointed out that most of the installs are not internet-facing.
In order to exploit the PrinterLogic Web Stack server, attackers would need a privileged network position, such as access through a VPN or another vulnerability (i.e. SSRF) in an appliance on the edge.
Experts did not disclose the component affected by the vulnerability in order to give customers some time to address the flaws.
The timeline for the flaws is:
The Paranoids researchers noted that the majority of PrinterLogic installations are not directly accessible from the Internet.
The flaws impact all PrinterLogic Web Stack version 19.1.1.13 SP9 and earlier, and Virtual Appliance version 20.0.1304 and earlier, when used with macOS or Linux endpoint client software.
PrinterLogic addressed the issue with the release of Web Stack version 19.1.1.13-SP10, no client software updates are required for Virtual Appliance. .
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Printer Management Suite)
[adrotate banner=”5″]
[adrotate banner=”13″]
Google addressed a Chrome's Password Manager bug that caused user credentials to disappear temporarily for…
The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS…
Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks.…
Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report…
A critical flaw in some versions of Docker Engine can be exploited to bypass authorization…
The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers…
This website uses cookies.