High-Severity PrinterLogic Flaws Enable Remote Code Execution

[silversurfer]

The three flaws enable an unauthenticated attacker to launch remote code execution attacks on printers.

A slew of high-severity flaws have been disclosed in the PrinterLogic printer management service, which could enable a remote attacker to execute code on workstations running the PrinterLogic agent.
 
PrinterLogic’s Print Management software allows businesses to deploy and use remote printers. Unfortunately it has three flaws, which could allow an unauthenticated, remote attacker to remotely execute arbitrary code with admin privileges. No patch is currently available, according to an advisory.
 
“PrinterLogic versions up to and including 18.3.1.96 are vulnerable to multiple attacks,” according to a Friday advisory. “The PrinterLogic agent, running as SYSTEM, does not validate the PrinterLogic Management Portal’s SSL certificate, validate PrinterLogic update packages or sanitize web browser input.”

SOURCE: https://threatpost.com/printerlogic-remo...on/144383/