High-Severity PrinterLogic Flaws Enable Remote Code Execution


The three flaws enable an unauthenticated attacker to launch remote code execution attacks on printers.

A slew of high-severity flaws have been disclosed in the PrinterLogic printer management service, which could enable a remote attacker to execute code on workstations running the PrinterLogic agent.

PrinterLogic’s Print Management software allows businesses to deploy and use remote printers. Unfortunately, it has three flaws that could allow an unauthenticated, remote attacker to execute arbitrary code with admin privileges. No patch is currently available, according to an advisory.

“PrinterLogic versions up to and including 18.3.1.96 are vulnerable to multiple attacks,” according to a Friday advisory. “The PrinterLogic agent, running as SYSTEM, does not validate the PrinterLogic Management Portal’s SSL certificate, validate PrinterLogic update packages or sanitize web browser input.”

The most serious of the flaws (CVE-2018-5408) stems from the PrinterLogic software failing to validate the management portal’s secure sockets layer (SSL) certificate.

That means an attacker could spoof a trusted entity by using a man-in-the-middle (MITM) attack and a malicious certificate.

“The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host,” according to the security alert.

Another vulnerability (CVE-2018-5409) exists in how PrinterLogic Print Management executes software updates. The software executes code without sufficiently verifying the origin and integrity of the code, which could allow an attacker to execute malicious code by compromising the host server, performing DNS spoofing or modifying the code in transit.
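As an added illustration (not PrinterLogic's code and not taken from the advisory), this Go sketch shows one way an update agent can check origin and integrity before running a package: a manifest signed with a pinned Ed25519 key carries the package's SHA-256 digest. The `Manifest` type, the `update-manifest-v1` label, `VerifyUpdate`, the key pairs and the payload are all assumptions constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is a hypothetical signed description of one update package.
type Manifest struct {
	Version string
	SHA256  [32]byte
}

// signedBytes returns the exact byte string the signer signs and the agent verifies.
func (m Manifest) signedBytes() []byte {
	return append([]byte("update-manifest-v1\x00"+m.Version+"\x00"), m.SHA256[:]...)
}

// VerifyUpdate returns nil only if the manifest was signed by the pinned key
// (origin) and the package hashes to the digest in that manifest (integrity).
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, sig, pkg []byte) error {
	if !ed25519.Verify(pinned, m.signedBytes(), sig) {
		return errors.New("manifest signature invalid: untrusted origin")
	}
	if sum := sha256.Sum256(pkg); sum != m.SHA256 {
		return errors.New("package digest mismatch: content was modified")
	}
	return nil
}

// demo runs the check on constructed data: a genuine package, a package
// altered after signing, and a manifest signed by a key that is not pinned.
func demo() (genuine, tampered, forged error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed vendor key pair
	pkg := []byte("constructed update payload")
	m := Manifest{Version: "1.0.0", SHA256: sha256.Sum256(pkg)}
	sig := ed25519.Sign(priv, m.signedBytes())
	genuine = VerifyUpdate(pub, m, sig, pkg)
	tampered = VerifyUpdate(pub, m, sig, append(append([]byte{}, pkg...), 'X'))
	_, otherPriv, _ := ed25519.GenerateKey(nil) // key the agent does not trust
	forged = VerifyUpdate(pub, m, ed25519.Sign(otherPriv, m.signedBytes()), pkg)
	return
}

func main() {
	g, t, f := demo()
	fmt.Println("genuine:", g, "| tampered:", t, "| forged:", f)
}
```

Because the trust decision rests on the pinned public key rather than on where the package came from, a compromised download server, a spoofed DNS answer or an in-transit modification all fail the same check.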

A final flaw, CVE-2019-9505, exists because PrinterLogic Print Management software does not sanitize special characters, allowing for remote unauthorized changes to configuration files.

“The PrinterLogic agent does not sanitize browser input, allowing a remote attacker to modify configuration settings… That could allow an attacker to reconfigure the software and remotely execute code,” according to the alert.

The flaws were discovered by researchers with Sygnia Consulting.

The security advisory, for its part, urged users to keep their eyes peeled for upcoming PrinterLogic updates. In the meantime, the advisory said: “Consider using ‘always on’ VPN to prevent some of the MITM scenarios and enforce application whitelisting on the endpoint to prevent the PrinterLogic agent from executing malicious code.”

Neither PrinterLogic nor Sygnia Consulting responded to requests for comment from Threatpost.

Security flaws continue to plague printers. In 2018, researchers at Check Point found a vulnerability that allowed an attacker to compromise a multi-function printer with fax capabilities, simply by sending a fax. In August, HP patched hundreds of inkjet models vulnerable to two remote code-execution flaws.

And in December, a hacker claimed to have commandeered 50,000 printers globally in order to print pamphlets promoting YouTube star “PewDiePie.”
