CVE-2021-42638 - OpenCVE

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Printerlogic	Web Stack
Apple	Macos

Configuration 1 [-]

AND

OR	cpe:2.3:a:printerlogic:web_stack::::::::
	cpe:2.3:a:printerlogic:web_stack:19.1.1.13:-::::::
	cpe:2.3:a:printerlogic:web_stack:19.1.1.13:sp2::::::
	cpe:2.3:a:printerlogic:web_stack:19.1.1.13:sp3-3::::::
	cpe:2.3:a:printerlogic:web_stack:19.1.1.13:sp9::::::

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*

References

Link	Resource
http://printerlogic.com	Vendor Advisory
https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints	Press/Media Coverage Third Party Advisory
https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html	Third Party Advisory
https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite	Press/Media Coverage Third Party Advisory
https://www.printerlogic.com/security-bulletin/	Vendor Advisory
https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite	Press/Media Coverage Third Party Advisory
https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/	Exploit Press/Media Coverage Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-02-01T22:08:54

Updated: 2022-02-01T22:08:54

Reserved: 2021-10-18T00:00:00

Link: CVE-2021-42638

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-01T23:15:07.437

Modified: 2022-02-02T19:14:21.913

Link: CVE-2021-42638

JSON object: View

Redhat Information

No data.

CWE

CWE-77

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-01T22:08:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://printerlogic.com"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.printerlogic.com/security-bulletin/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite"}, {"tags": ["x_refsource_MISC"], "url": "https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html"}, {"tags": ["x_refsource_MISC"], "url": "https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints"}, {"tags": ["x_refsource_MISC"], "url": "https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-42638", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://printerlogic.com", "refsource": "MISC", "url": "http://printerlogic.com"}, {"name": "https://www.printerlogic.com/security-bulletin/", "refsource": "CONFIRM", "url": "https://www.printerlogic.com/security-bulletin/"}, {"name": "https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/", "refsource": "MISC", "url": "https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/"}, {"name": "https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite", "refsource": "MISC", "url": "https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite"}, {"name": "https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html", "refsource": "MISC", "url": "https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html"}, {"name": "https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints", "refsource": "MISC", "url": "https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints"}, {"name": "https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite", "refsource": "MISC", "url": "https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-42638", "datePublished": "2022-02-01T22:08:54", "dateReserved": "2021-10-18T00:00:00", "dateUpdated": "2022-02-01T22:08:54", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:printerlogic:web_stack:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7412210-0463-4336-9FAD-E50061806186", "versionEndExcluding": "19.1.1.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:printerlogic:web_stack:19.1.1.13:-:*:*:*:*:*:*", "matchCriteriaId": "A1B7FE83-A6AC-4A16-B0DE-9D1C22AA40FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:printerlogic:web_stack:19.1.1.13:sp2:*:*:*:*:*:*", "matchCriteriaId": "99309983-36D6-47CA-9CBC-32A210C7DF7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:printerlogic:web_stack:19.1.1.13:sp3-3:*:*:*:*:*:*", "matchCriteriaId": "CBD47013-B42E-4CF1-AF63-AD644B77DFBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:printerlogic:web_stack:19.1.1.13:sp9:*:*:*:*:*:*", "matchCriteriaId": "60152B10-DC40-4132-AF45-52ECFD6782CA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution."}, {"lang": "es", "value": "PrinterLogic Web Stack versiones 19.1.1.13 SP9 y anteriores, no sanean la entrada del usuario, resultando en una ejecuci\u00f3n de c\u00f3digo remota previo a la autenticaci\u00f3n"}], "id": "CVE-2021-42638", "lastModified": "2022-02-02T19:14:21.913", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-01T23:15:07.437", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://printerlogic.com"}, {"source": "cve@mitre.org", "tags": ["Press/Media Coverage", "Third Party Advisory"], "url": "https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html"}, {"source": "cve@mitre.org", "tags": ["Press/Media Coverage", "Third Party Advisory"], "url": "https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.printerlogic.com/security-bulletin/"}, {"source": "cve@mitre.org", "tags": ["Press/Media Coverage", "Third Party Advisory"], "url": "https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Press/Media Coverage", "Third Party Advisory"], "url": "https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}