Vulnerability CVE-2021-42640

Vulnerability CVE-2021-42640

Published: 2022-02-02

Description:

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer.

Type:

CWE-668

(Exposure of Resource to Wrong Sphere)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.4/10	4.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	None

Affected software
Printerlogic -> Web stack

References:

https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite

https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints

https://www.printerlogic.com/security-bulletin/

https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html

https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/

https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite

http://printerlogic.com

Vulnerability CVE-2021-42640

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer.

CWE-668

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:N)

6.4/10

4.9/10

10/10

Remote

Low

No required

Partial

Partial

None

Affected software

References: