search menu icon-carat-right cmu-wordmark

CERT Coordination Center

PrinterLogic Print Management Software fails to validate SSL certificates or the integrity of software updates.

Vulnerability Note VU#169249

Original Release Date: 2019-05-03 | Last Revised: 2019-05-10

Overview

PrinterLogic Print Management Software fails to validate SSL and software update certificates, which could allow an attacker to reconfigure the software and remotely execute code. In addition, the PrinterLogic agent does not sanitize browser input allowing a remote attacker to modify configuration settings. These vulnerabilities may result in a remote attacker executing code on workstations running the PrinterLogic agent.

Description

PrinterLogic versions up to and including 18.3.1.96 are vulnerable to multiple attacks. The PrinterLogic agent, running as SYSTEM, does not validate the PrinterLogic Management Portal's SSL certificate, validate PrinterLogic update packages, or sanitize web browser input.

CVE-2018-5408: The PrinterLogic Print Management software does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. (CWE-295)

CVE-2018-5409: PrinterLogic Print Management software updates and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit. (CWE-494)

CVE-2019-9505: PrinterLogic Print Management software does not sanitize special characters allowing for remote unauthorized changes to configuration files. (CWE-159)

Impact

An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges.

Solution

Update PrinterLogic Print Management Software when patches become available.

Consider using 'always on' VPN to prevent some of the MITM scenarios and enforce application whitelisting on the endpoint to prevent the PrinterLogic agent from executing malicious code.

Vendor Information

169249
 
Affected   Unknown   Unaffected

PrinterLogic

Notified:  August 24, 2018 Updated:  May 10, 2019

Statement Date:   August 24, 2018

Status

  Affected

Vendor Statement

Vendor Information

For more information, please visit: https://www.printerlogic.com/security-bulletin/

Vendor References

https://www.printerlogic.com/security-bulletin/


CVSS Metrics

Group Score Vector
Base 7.8 AV:N/AC:M/Au:N/C:P/I:C/A:N
Temporal 7.8 E:ND/RL:ND/RC:ND
Environmental 7.8 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to the Adversarial Simulation Team at Sygnia(Sygnia Consulting),led by David Warshavski and Doron Vazgiel,for reporting these vulnerabilities and participating in the coordinated vulnerability disclosure process.

This document was written by Laurie Tyzenhaus.

Other Information

CVE IDs: CVE-2018-5408, CVE-2018-5409, CVE-2019-9505
Date Public: 2019-05-03
Date First Published: 2019-05-03
Date Last Updated: 2019-05-10 13:40 UTC
Document Revision: 51

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.