News

Critical vulnerabilities are found in PrinterLogic Print Management

Vulnerabilities in PrinterLogic Print Management software allow attackers remotely perform code on the final points with system privileges.

Specialists from Software Engineering Institute from Carnegie Mellon University discovered these vulnerabilities.

Issues involve PrinterLogic Print Management versions 18.3.1.96 and earlier.

The most dangerous vulnerability is in absent of checks for SSL-certificates and certificates with signed updates for software, so attackers can change program configurations.

Moreover, PrinterLogic agent does not check initial browser input data and attacker can use it for changing of configuration settings.

Attacker can use invalid or malware certificate and with the help of “man-in-the-middle” attack make program connect to malware host or accept malware data that was sent by the allegedly reliable source.

In the CVSS system of hazards evaluation vulnerability (CVE-2018-5408) scored 7,8 point of 10 possible.

Second vulnerability (CVE-2018-5409) exists hence PrinterLogic Print Management updates and performs a code without check of its origin and uniformity. Attacker can perform random code by compromising trusted host, DNS-spoofing or code modification in the process of transition.

Third problem is in absence of sufficient check of special symbols, due to it attacker can remotely make unsanctioned changes in the configuration files.

Solution from Software Engineering Institute specialists:

Update PrinterLogic Print Management Software when patches become available.

Consider using ‘always on’ VPN to prevent some of the MITM scenarios and enforce application whitelisting on the endpoint to prevent the PrinterLogic agent from executing malicious code.

Source: https://kb.cert.org

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Pbmsoultions.com Pop-up Ads

About Pbmsoultions.com Pbmsoultions.com pop-ups can not launch out of the blue. If you have actually…

24 hours ago

Remove Prizestash.com Pop-up Ads

About Prizestash.com Prizestash.com pop-ups can not expose out of the blue. If you have actually…

24 hours ago

Remove Verifiedbreaking.com Pop-up Ads

About Verifiedbreaking.com Verifiedbreaking.com pop-ups can not launch out of nowhere. If you have actually clicked…

24 hours ago

Remove Themoneyminutes.com Pop-up Ads

About Themoneyminutes.com Themoneyminutes.com pop-ups can not launch out of the blue. If you have actually…

1 day ago

Remove News-xcidizi.com Pop-up Ads

About News-xcidizi.com News-xcidizi.com pop-ups can not introduce out of nowhere. If you have clicked some…

1 day ago

Remove Everytraffic-flow.com Pop-up Ads

About Everytraffic-flow.com Everytraffic-flow.com pop-ups can not launch out of nowhere. If you have actually clicked…

1 day ago