An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges).
References
Link | Resource |
---|---|
https://docs.printercloud.com/1-Printerlogic/Release_Notes/Client_Release_Notes.htm | Release Notes |
https://docs.printercloud.com/1-Printerlogic/Release_Notes/Security_Bulletin_CVE.htm | Release Notes |
https://www.vasion.com/press-releases/printerlogic-rebrands | Broken Link Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-07-25T00:00:00
Updated: 2023-07-25T00:00:00
Reserved: 2023-05-05T00:00:00
Link: CVE-2023-32232
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-07-25T01:15:09.177
Modified: 2023-08-02T19:12:35.040
Link: CVE-2023-32232
JSON object: View
Redhat Information
No data.
CWE