CVE-2019-9505 - OpenCVE

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Printerlogic	Print Management

Configuration 1 [-]

cpe:2.3:a:printerlogic:print_management:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/108285	Broken Link
https://kb.cert.org/vuls/id/169249/	US Government Resource Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2019-05-08T14:48:20

Updated: 2019-05-10T16:06:05

Reserved: 2019-03-01T00:00:00

Link: CVE-2019-9505

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-05-08T15:30:54.877

Modified: 2021-11-03T19:40:50.170

Link: CVE-2019-9505

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Management Software", "vendor": "PrinterLogic", "versions": [{"lessThanOrEqual": "8.3.1.96", "status": "affected", "version": "8.3.1.96", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-159", "description": "CWE-159 Failure to Sanitize Special Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-05-10T16:06:05", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "VU#", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://kb.cert.org/vuls/id/169249/"}, {"name": "108285", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108285"}], "source": {"discovery": "UNKNOWN"}, "title": "PrinterLogic Print Management Software does not sanitize special characters", "x_generator": {"engine": "Vulnogram 0.0.6"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9505", "STATE": "PUBLIC", "TITLE": "PrinterLogic Print Management Software does not sanitize special characters"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Management Software", "version": {"version_data": [{"version_affected": "<=", "version_name": "8.3.1.96", "version_value": "8.3.1.96"}]}}]}, "vendor_name": "PrinterLogic"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges."}]}, "generator": {"engine": "Vulnogram 0.0.6"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-159 Failure to Sanitize Special Element"}]}]}, "references": {"reference_data": [{"name": "VU#", "refsource": "CERT-VN", "url": "https://kb.cert.org/vuls/id/169249/"}, {"name": "108285", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108285"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2019-9505", "datePublished": "2019-05-08T14:48:20", "dateReserved": "2019-03-01T00:00:00", "dateUpdated": "2019-05-10T16:06:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:printerlogic:print_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "092E9A95-4811-4796-8B18-24BF4F0EEE1D", "versionEndIncluding": "18.3.1.96", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges."}, {"lang": "es", "value": "El programa PrinterLogic Print Management, versiones hasta 18.3.1.96 incluyedola, no hace saneamiento de los caracteres especiales que admiten cambios remotos no autorizados a los archivos de configuraci\u00f3n. Un atacante no identificado puede ejecutar de forma remota un c\u00f3digo arbitrario con privilegios SYSTEM."}], "id": "CVE-2019-9505", "lastModified": "2021-11-03T19:40:50.170", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-08T15:30:54.877", "references": [{"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/108285"}, {"source": "cret@cert.org", "tags": ["US Government Resource", "Third Party Advisory"], "url": "https://kb.cert.org/vuls/id/169249/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-159"}], "source": "cret@cert.org", "type": "Secondary"}]}