CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5409 – PrinterLogic Print Management Software updates and executes the code without origin and code verification
https://notcve.org/view.php?id=CVE-2018-5409
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit. El programa PrinterLogic Print Management, hasta la versión 18.3.1.96 incluyendola, actualiza y ejecuta el código sin comprobar suficientemente el origen y la integridad del código. Un atacante puede ejecutar código malicioso al comprometer el servidor host, realizar una falsificación de DNS o modificar el código en tránsito. • http://www.securityfocus.com/bid/108285 https://kb.cert.org/vuls/id/169249 • CWE-346: Origin Validation Error CWE-494: Download of Code Without Integrity Check •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5408 – PrinterLogic Print Management Software fails to validate the management portal SSL certificates
https://notcve.org/view.php?id=CVE-2018-5408
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. El programa PrinterLogic Print Management, hasta la versión 18.3.1.96 incluyendola, no válida, o válida incorrectamente, el certificado SSL del portal de administración de PrinterLogic. Cuando un certificado no es válido o es malicioso, podría permitir a un atacante falsificar una entidad de confianza mediante el uso de un ataque de tipo man-in the-middel (MITM). • http://www.securityfocus.com/bid/108285 https://kb.cert.org/vuls/id/169249 • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9505 – PrinterLogic Print Management Software does not sanitize special characters
https://notcve.org/view.php?id=CVE-2019-9505
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges. El programa PrinterLogic Print Management, versiones hasta 18.3.1.96 incluyedola, no hace saneamiento de los caracteres especiales que admiten cambios remotos no autorizados a los archivos de configuración. Un atacante no identificado puede ejecutar de forma remota un código arbitrario con privilegios SYSTEM. • http://www.securityfocus.com/bid/108285 https://kb.cert.org/vuls/id/169249 • CWE-159: Improper Handling of Invalid Use of Special Elements •