cnvd - cnvd-2022-11104

cnvd-2022-11104

Vulnerability from cnvd

Title: PrinterLogic Web Stack不安全直接对象引用（IDOR）漏洞（CNVD-2022-11104）

Description:

PrinterLogic Web Stack（PrinterLogic Printer Installer）是美国PrinterLogic公司的一个本地Web应用程序。使 It 部门能够从单个管理控制台跨打印环境管理和自动创建/传播打印机Objects和打印机驱动程序。

PrinterLogic Web Stack存在安全漏洞，攻击者可利用该漏洞为任何打印机重新分配驱动程序。

Severity: 中

Patch Name: PrinterLogic Web Stack不安全直接对象引用（IDOR）漏洞（CNVD-2022-11104）的补丁

Patch Description:

PrinterLogic Web Stack存在安全漏洞，攻击者可利用该漏洞为任何打印机重新分配驱动程序。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.printerlogic.com/security-bulletin/

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-42640

Impacted products

Name
PrinterLogic Web Stack <=19.1.1.13 SP9

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-42640",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-42640"
    }
  },
  "description": "PrinterLogic Web Stack\uff08PrinterLogic Printer Installer\uff09\u662f\u7f8e\u56fdPrinterLogic\u516c\u53f8\u7684\u4e00\u4e2a\u672c\u5730Web\u5e94\u7528\u7a0b\u5e8f\u3002\u4f7f It \u90e8\u95e8\u80fd\u591f\u4ece\u5355\u4e2a\u7ba1\u7406\u63a7\u5236\u53f0\u8de8\u6253\u5370\u73af\u5883\u7ba1\u7406\u548c\u81ea\u52a8\u521b\u5efa/\u4f20\u64ad\u6253\u5370\u673aObjects\u548c\u6253\u5370\u673a\u9a71\u52a8\u7a0b\u5e8f\u3002\n\nPrinterLogic Web Stack\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e3a\u4efb\u4f55\u6253\u5370\u673a\u91cd\u65b0\u5206\u914d\u9a71\u52a8\u7a0b\u5e8f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.printerlogic.com/security-bulletin/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-11104",
  "openTime": "2022-02-17",
  "patchDescription": "PrinterLogic Web Stack\uff08PrinterLogic Printer Installer\uff09\u662f\u7f8e\u56fdPrinterLogic\u516c\u53f8\u7684\u4e00\u4e2a\u672c\u5730Web\u5e94\u7528\u7a0b\u5e8f\u3002\u4f7f It \u90e8\u95e8\u80fd\u591f\u4ece\u5355\u4e2a\u7ba1\u7406\u63a7\u5236\u53f0\u8de8\u6253\u5370\u73af\u5883\u7ba1\u7406\u548c\u81ea\u52a8\u521b\u5efa/\u4f20\u64ad\u6253\u5370\u673aObjects\u548c\u6253\u5370\u673a\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\nPrinterLogic Web Stack\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e3a\u4efb\u4f55\u6253\u5370\u673a\u91cd\u65b0\u5206\u914d\u9a71\u52a8\u7a0b\u5e8f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PrinterLogic Web Stack\u4e0d\u5b89\u5168\u76f4\u63a5\u5bf9\u8c61\u5f15\u7528\uff08IDOR\uff09\u6f0f\u6d1e\uff08CNVD-2022-11104\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "PrinterLogic Web Stack \u003c=19.1.1.13 SP9"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-42640",
  "serverity": "\u4e2d",
  "submitTime": "2022-02-08",
  "title": "PrinterLogic Web Stack\u4e0d\u5b89\u5168\u76f4\u63a5\u5bf9\u8c61\u5f15\u7528\uff08IDOR\uff09\u6f0f\u6d1e\uff08CNVD-2022-11104\uff09"
}

CVE-2021-42640 (GCVE-0-2021-42640)

Vulnerability from cvelistv5

Published

2022-02-02 17:18

Modified

2024-08-04 03:38

Severity ?

CWE

Summary

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer.

References

▼	URL	Tags
	http://printerlogic.com	x_refsource_MISC
	https://www.printerlogic.com/security-bulletin/	x_refsource_CONFIRM
	https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/	x_refsource_MISC
	https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite	x_refsource_MISC
	https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html	x_refsource_MISC
	https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints	x_refsource_MISC
	https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:38:49.519Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://printerlogic.com"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.printerlogic.com/security-bulletin/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss\u0026utm_medium=rss\u0026utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-02T17:19:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://printerlogic.com"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.printerlogic.com/security-bulletin/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss\u0026utm_medium=rss\u0026utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-42640",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://printerlogic.com",
              "refsource": "MISC",
              "url": "http://printerlogic.com"
            },
            {
              "name": "https://www.printerlogic.com/security-bulletin/",
              "refsource": "CONFIRM",
              "url": "https://www.printerlogic.com/security-bulletin/"
            },
            {
              "name": "https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/",
              "refsource": "MISC",
              "url": "https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/"
            },
            {
              "name": "https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite",
              "refsource": "MISC",
              "url": "https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite"
            },
            {
              "name": "https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html",
              "refsource": "MISC",
              "url": "https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html"
            },
            {
              "name": "https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints",
              "refsource": "MISC",
              "url": "https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints"
            },
            {
              "name": "https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss\u0026utm_medium=rss\u0026utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite",
              "refsource": "MISC",
              "url": "https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss\u0026utm_medium=rss\u0026utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-42640",
    "datePublished": "2022-02-02T17:18:46",
    "dateReserved": "2021-10-18T00:00:00",
    "dateUpdated": "2024-08-04T03:38:49.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted