The current and older versions of PrinterLogic Print Management Software contain three high-severity vulnerabilities that would-be attackers could exploit to reconfigure the software and remotely execute code.
According to a security advisory from the CERT/CC at Carnegie Mellon University’s Software Engineering Institute, the PrinterLogic agent fails to properly validate the PrinterLogic management portal’s SSL certificate (CVE-2018-5408) and PrinterLogic update packages (CVE-2018-5409). It also does not sanitize web browser input (CVE-2019-9505).
Malicious actors could exploit CVE-2018-5408 by introducing an invalid or malicious certificate that allows them to conduct a man-in-the-middle attack.
“The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host,” the CERT/CC’s advisory states.
They could also abuse CVE-2018-5409 in order to execute malicious code
“by compromising the host server, performing DNS spoofing or modifying the code in transit,” the advisory continues. And the third vulnerability, CVE-2019-9505, could be exploited to allow remote unauthorized changes to configuration files.
Versions 220.127.116.11 of PrinterLogic are affected by the trio of bugs. As of May 6 at noon ET, there are no patched versions available. In the meantime, the CERT/CC suggests that PrinterLogic customers “consider using ‘always on’ VPN to prevent some of the MITM scenarios and enforce application whitelisting on the endpoint to prevent the PrinterLogic agent from executing malicious code.”
UPDATE 5/10/19: PrinterLogic now has has an active resolution in place to address the vulnerability. The solution is available here.