CVE-2022-25090 – Printix Client 1.3.1106.0 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-25090
Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. Printix Secure Cloud Print Management versión 1.3.1035.0, crea un archivo temporal en el directorio con permisos no seguros Printix Client version 1.3.1106.0 suffers from a privilege escalation vulnerability. • https://github.com/ComparedArray/printix-CVE-2022-25090 https://www.exploit-db.com/exploits/50812 http://packetstormsecurity.com/files/166242/Printix-Client-1.3.1106.0-Privilege-Escalation.html http://packetstormsecurity.com/files/167012/Printix-1.3.1106.0-Privilege-Escalation.html http://printix.com • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2022-25089 – Printix Client 1.3.1106.0 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2022-25089
Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData. Printix Secure Cloud Print Management a través de 1.3.1106.0 utiliza incorrectamente las APIs con privilegios para modificar los valores en HKEY_LOCAL_MACHINE a través de UITasks.PersistentRegistryData. An "Incorrect Use of a Privileged API" vulnerability in PrintixService.exe in Printix's "Printix Secure Cloud Print Management" versions 1.3.1106.0 and below allows a local or remote attacker the ability change all HKEY Windows Registry values as SYSTEM context via the UITasks.PersistentRegistryData parameter. • https://github.com/ComparedArray/printix-CVE-2022-25089 https://www.exploit-db.com/exploits/50798 http://packetstormsecurity.com/files/167013/Printix-1.3.1106.0-Privileged-API-Abuse.html http://printix.com • CWE-269: Improper Privilege Management •