PrinterLogic Client Multiple Vulnerabilities (May 3, 2019)

critical Nessus Plugin ID 152101

Synopsis

The remote host has an application installed that is affected by multiple vulnerabilities.

Description

The version of PrinterLogic Client installed on the remote host is affected by the following vulnerabilities:

- The PrinterLogic Print Management software does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. (CVE-2018-5408)

- The PrinterLogic Print Management software updates and executes code without sufficiently verifying the origin and integrity of that code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit. (CVE-2018-5409)

- The PrinterLogic Print Management software does not sanitize special characters, allowing remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges. (CVE-2019-9505)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to PrinterLogic software for Windows version 25.0.0.49 or later, or PrinterLogic software for Mac and Linux version 25.1.0.274 or later, and apply the configuration mentioned in the vendor advisory.

See Also

https://www.printerlogic.com/security-bulletin/

Plugin Details

Severity: Critical

ID: 152101

File Name: printerlogic_client_may_3_2019.nasl

Version: 1.2

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 7/27/2021

Updated: 7/28/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-9505

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:printerlogic:print_management

Exploit Ease: No known exploits are available

Patch Publication Date: 5/3/2019

Vulnerability Publication Date: 5/3/2019

Reference Information

CVE: CVE-2018-5408, CVE-2018-5409, CVE-2019-9505