Kritiske sårbarheder findes i PrinterLogic Print Management

Sårbarheder i PrinterLogic Print Management-software gør det muligt angribere eksternt udføre kode på de afsluttende punkter med systemrettigheder.

specialists from Software Engineering Institute from Carnegie Mellon University discovered these vulnerabilities.

Problemer inddrage PrinterLogic Print Management versioner 18.3.1.96 og tidligere.

Den farligste sårbarhed er i fraværende af kontrol for SSL-certifikater og certifikater med signerede opdateringer til software, so attackers can change program configurations.

i øvrigt, PrinterLogic agent does not check initial browser input data and attacker can use it for changing of configuration settings.

Attacker can use invalid or malware certificate and with the help of “man-in-the-middle” attack make program connect to malware host or accept malware data that was sent by the allegedly reliable source.

In the CVSS system of hazards evaluation vulnerability (CVE-2018-5408) scored 7,8 point of 10 possible.

Second vulnerability (CVE-2018-5409) exists hence PrinterLogic Print Management updates and performs a code without check of its origin and uniformity. Attacker can perform random code by compromising trusted host, DNS-spoofing or code modification in the process of transition.

Third problem is in absence of sufficient check of special symbols, due to it attacker can remotely make unsanctioned changes in the configuration files.

Solution from Software Engineering Institute specialists:

Update PrinterLogic Print Management Software when patches become available.

Consider using ‘always onVPN to prevent some of the MITM scenarios and enforce application whitelisting on the endpoint to prevent the PrinterLogic agent from executing malicious code.

Kilde: https://kb.cert.org

Om Trojan Killer

Carry Trojan Killer Portable på din memory stick. Vær sikker på, at du er i stand til at hjælpe din pc modstå eventuelle cyber trusler, hvor du går.

Tjek også

MageCart på Heroku Cloud Platform

Forskere har fundet flere MageCart Web Forplove On Heroku Cloud Platform

Forskere ved Malwarebytes rapporteret om at finde flere MageCart web skummere på Heroku cloud-platform …

Android Spyware CallerSpy

CallerSpy spyware masker som en Android chat applikation

Trend Micro eksperter opdagede malware CallerSpy, hvilke masker som en Android chat program og, …

Efterlad et Svar