Security Bulletins, OVEs, & CVEs

PrinterLogic maintains a robust security program as an ISO 27001:2013 and SOC2 Type 2 certified solution to promptly address any and all security vulnerabilities when discovered. Meeting the ISO standard involves an extensive process of becoming ISO-compliant to better meet our customers’ business, legal, and regulatory requirements. As a globally-recognized security program, maintaining an ISO certification shows a commitment to executing high-quality security practices and improving our security posture through defined processes and documentation.

Our security policies are articulated here that details these certifications as well as the approach to:

  • Physical Security
  • Network Security
  • Application Security
  • Training
  • Data Protection

Our Vasion Trust Center describes in detail the Security tests we’ve run, the polices that we apply and adhere to, as well as a number of monitoring tests we regularly run.

 

 

You will find the resolutions and ongoing efforts regarding the security vulnerabilities reported on May 26th, 2023 in the dedicated OVE section below. We will regularly update the status of these vulnerabilities as fixes are implemented and put into production. Stay informed and be assured that we are actively working to address these issues for enhanced security.

The following OVEs have all been remediated. These were reported in February 2023 on an older product version. Since then, we have since blocked possible entryways for an attack.

PrinterLogic applies the ‘Security Risk’ category and indicates our response to the finding. It does not imply a significant risk but is our prioritization of the issue. In most cases, the actual risk is low. Nevertheless, we remain committed to removing vulnerabilities and ensuring the security of our customer's environments.

These issues mainly apply to PrinterLogic SaaS and the Virtual Appliance and are called out in each OVE below. For PrinterLogic SaaS, resolutions and fixes are applied in production as soon as they are available. For the Virtual Appliance fixes will be applied with the next update, which is expected in mid-June 2023.

OVE-20230524-0001 - Authentication Bypass

  • Security Risk - Low

  • Incidents - There have been no instances of this vulnerability seen or reported.

  • Impact -PrinterLogic SaaS and Virtual Appliance

  • Status - Fixed in PrinterLogic SaaS and Virtual Appliance.

  • Vulnerability Description - Individual PHP files must consistently implement authentication and authorization checks. However, specific administrative files were missing authentication checks which could allow unauthenticated access to administrative scripts via their direct URLs.

  • Investigation and Remediation/Response - Most vulnerable routes had already been corrected since the version these tests were run against or were already implementing security appropriate for the route. However, we continue to investigate any possible vulnerabilities of this nature and are implementing more comprehensive security measures to prevent potential future vulnerabilities.

OVE-20230524-0002 - SQL Injection

  • Security Risk - High

  • Incidents - There have been no instances of this vulnerability seen or reported.

  • Impact - PrinterLogic SaaS and PrinterLogic VA.

  • Status - Fixed in PrinterLogic SaaS and Virtual Appliance.

  • Vulnerability Description - The application does not use parameterized queries when retrieving data. Instead, it uses a custom DAO framework that utilizes several escaping functions that attempt to prevent SQL injection using various string handling functions.

     

    The specifically identified vulnerable function is not used with user-supplied data and cannot be abused. All other identified injection points had already been identified and corrected since the version these tests were performed against.

  • Investigation and Remediation/Response - The development process enforces investigation to identify any missing protection on existing pages. All new pages use parameterized queries which protects against future SQL injection points.

OVE-20230524-0003 - Cross Site Scripting

  • Security Risk - High

  • Incidents - There have been no instances of this vulnerability seen or reported.

  • Impact -PrinterLogic SaaS and Virtual Appliance.

  • Status- Fixed in PrinterLogic SaaS and Virtual Appliance.

  • Vulnerability Description - There were several instances of cross-site scripting identified in the application. ​These could be used with other vulnerabilities to gain access to protected content. To be successful, the user with privileged rights would have to follow a link from a malicious actor.

  • Investigation and Remediation/Response - Individual protection on each page/process has been replaced with a global sanitization script that will remove all instances of cross-site scripting currently and prevent future instances from occurring.

OVE-20230524-0004 - Session Fixation

  • Security Risk - Low

  • Incidents - There have been no instances of this vulnerability seen or reported.

  • Impact -PrinterLogic SaaS and Virtual Appliance.

  • Status - The PrinterLogic security team has assessed this report and found it not to be valid (see Investigation and Remediation/Response below).

  • Vulnerability Description - The /admin/query/verify-login.php script did not issue a new session identifier after login. The concern is that an attacker could prime a known session ID for a user via Cross-Site Scripting (XSS), a phishing or watering hole attack, and then later access the application using the known session ID to bypass authentication.

  • Investigation and Remediation/Response - The issue has already been corrected; no changes would cause it to return in future updates.

OVE-20230524-0005 - Password in URL

  • Security Risk - Medium
  • Incidents - There have been no instances of this vulnerability seen or reported.
  • Impact -PrinterLogic SaaS and Virtual Appliance.
  • Status - Fixed in PrinterLogic SaaS and Virtual Appliance.
  • Vulnerability Description - It is possible to log in using query parameters. However, this allows passwords to leak to third parties via referrer headers, browser history, server logs, proxy logs, URL shortening services, etc. These passwords are encoded in the URL, but there is a risk that allows decoding to plaintext.
  • Investigation and Remediation/Response - While the software allows query parameters for logging in, no existing functionality uses query parameters for that purpose. As such, this is only a vulnerability if a user manually enters their username and password as part of the URL in the browser. The routes have been changed to disallow query parameters to prevent possible use.

OVE-20230524-0007 - Weak password encryption/encoding in use

  • Security Risk - Medium

  • Incidents - There have been no instances of this vulnerability seen or reported.

  • Impact -PrinterLogic SaaS and Virtual Appliance.

  • Status - Fixed in PrinterLogic SaaS and Virtual Appliance.

  • Vulnerability Description - The application appeared to store passwords using unsalted SHA1 hashing and transmitting authentication data using a custom double base64 encoding.

  • Investigation and Remediation/Response - SHA1 has not been actively used in many years, but code remained for backward compatibility to authenticate against legacy passwords initially stored with a SHA1 hash. As such, there is no current vulnerability around SHA1 hashes, but we are removing support for SHA1 entirely, as backward compatibility is no longer needed.

     

    The double-encoded credentials were never intended to be irreversible, nor were the primary line of defense. Therefore, the uses of these credentials are limited to post parameters where the primary security is in the use of the HTTPS protocol.

OVE-20230524-0008 - Insufficient CSRF protection

  • Security Risk - Low
  • Incidents - There have been no instances of this vulnerability seen or reported.
  • Impact -PrinterLogic SaaS and Virtual Appliance.
  • Status - Fixed in PrinterLogic SaaS and Virtual Appliance.
  • Vulnerability Description - The application does not enforce CSRF checks for the majority of its forms, even for the requests that have a value present in a header, cookie, or form; testing found that changing or removing the value had no actual impact on the success of the operation.
  • Investigation and Remediation/Response - The remediation process for this vulnerability has been successfully completed. However, we will continue to monitor and address any potential CSRF issues. Our ongoing efforts focus on securing the most critical legacy routes and protecting them against CSRF attacks. It is important to note that newly developed routes already incorporate CSRF checks as a standard security measure.

OVE-20230524-0009 - Insufficient Antivirus Protection

  • Security Risk - Low
  • Incidents - There have been no instances of this vulnerability seen or reported.
  • Impact - Not applicable
  • Status - The PrinterLogic security team has assessed this report and found it not to be valid (see Investigation and Remediation/Response below).
  • Vulnerability Description - Printer drivers are manually uploaded by admins and assigned to printers. In addition, the PrinterLogic application allows drivers containing known malicious code to be uploaded.
  • Investigation and Remediation/Response - Cryptographic signatures are checked at the time of installation, and drivers without that validation will not be able to be used within PrinterLogic. Anti-virus software installed on the end user’s machine is responsible for the desired anti-virus detection level. We do not attempt to bypass any security on the system.

OVE-20230524-0010 - Insufficient Authorization Checks

  • Security Risks - Critical

  • Incidents - There have been no instances of this vulnerability seen or reported.

  • Impact -PrinterLogic SaaS and Virtual Appliance.

  • Status - Fixed in PrinterLogic SaaS and Virtual Appliance.

  • Vulnerability Description - While the application supports several user levels, most of the individual PHP scripts do not implement granular access control based on roles and do not check RBAC rights but simply rely on an authentication check.

  • Investigation and Remediation/Response - No specific PHP scripts were identified in this vulnerability as having inappropriate authentication checks. However, the remediation is ongoing as we re-examine each script to ensure RBAC checks are applied correctly when appropriate.

OVE-20230524-0011 - Administrative user email enumeration

  • Security Risk - Low
  • Incidents - There have been no instances of this vulnerability seen or reported.
  • Impact -PrinterLogic SaaS and Virtual Appliance.
  • Status - The PrinterLogic security team has assessed this report and found it not to be valid (see Investigation and Remediation/Response below).
  • Vulnerability Description - The forgot password function will confirm whether an email address exists and can be used to enumerate users/emails.
  • Investigation and Remediation/Response - This vulnerability was already fixed in versions released since the version these tests were run against.

OVE-20230524-0012 - Arbitrary content inclusion via iframe

  • Security Risk - Critical

  • Incidents - There have been no instances of this vulnerability seen or reported.

  • Impact -PrinterLogic SaaS and Virtual Appliance.

  • Status - Fixed in PrinterLogic SaaS and Virtual Appliance.

  • Vulnerability Description - An arbitrary iframe URL could redirect the application using a ‘frame busting technique’ and then execute JavaScript or initiate file downloads from an untrusted source. This attack would only be successful if a user is deceived into following a link from a malicious actor and then further tricked into executing the downloaded unsafe content.

  • Investigation and Remediation/Response - This ability to redirect has been removed.

OVE-20230524-0013 - Remote Network Scanning (XSPA)/DoS

  • Security Risk - High
  • Incidents - There have been no instances of this vulnerability seen or reported.
  • Impact -PrinterLogic SaaS and Virtual Appliance.
  • Status - Fixed in PrinterLogic SaaS and Virtual Appliance.
  • Vulnerability Description - There are several PHP files that will initiate connections to a user-defined third-party server using LDAP protocols. This could be used to reach internal cloud services. No known exploits are possible from these pages, which simply test connectivity. Still, it might be possible to gain some form of information about internal resources or attempt to tie up internal resources which might lead to DoS conditions.
  • Investigation and Remediation/Response - For those using SaaS, this does not impact your internal network or security. Remediation has been developed to prevent unauthorized users from running connection tests and restrict user-defined addresses to strictly avoid connection attempts to internal cloud resources.

OVE-20230524-0014 - Insufficient Signature Validation

  • Security Risk - Low

  • Incidents - There have been no instances of this vulnerability seen or reported.

  • Impact - Not applicable

  • Status - The PrinterLogic security team has assessed this report and found it not to be valid (see Investigation and Remediation/Response below).

  • Vulnerability Description - Printer drivers are manually uploaded by admins and assigned to printers. The PrinterLogic application allows drivers to be uploaded that are not cryptographically signed with valid certificates from a trusted authority.

  • Investigation and Remediation/Response - Cryptographic signatures are checked at the time of installation, and drivers without that validation will not be able to be used within PrinterLogic.

OVE-20230524-0015 - Device Impersonation

  • Security Risk - Low
  • Incidents - There have been no instances of this vulnerability seen or reported.
  • Impact -PrinterLogic SaaS and Virtual Appliance.
  • Status- The PrinterLogic security team has assessed this report and found it not to be valid (see Investigation and Remediation/Response below).
  • Vulnerability Description - The Authorized Devices page with OAUTH tokens could be spoofed by renaming a host and impacting another authorized device's record in at least one place..
  • Investigation and Remediation/Response - A machine name identifies Authorized Devices and is an alias to indicate the device that's now been authorized for you in the system. This name is not functional and can’t be used maliciously. However, if a malicious actor already has access to your system, there are other ways within the software to accurately identify the device using its current name, IP address, etc.

OVE-20230524-0016 - OAUTH security bypass

  • Security Risk - High
  • Incidents - There have been no instances of this vulnerability seen or reported.
  • Impact - PrinterLogic SaaS and Virtual Appliance.
  • Status -Fixed in PrinterLogic SaaS and Virtual Appliance.
  • Vulnerability Description - This is a vulnerability where an already authenticated user may use their valid OAUTH credential to impersonate another user. This impersonation is limited exclusively to the ability to see another user’s held print jobs. This could allow a print job to be released early or to an alternative printer. This would not allow any digital access to the contents of any job. Additionally, this would not allow access to any information about current or previously printed jobs.

  • Investigation and Remediation/Response - This vulnerability is only possible if a malicious actor has already been granted access to the self-service portal and print job release portal using their identity. They would also need physical printer access to retrieve a document, as no digital access is possible.

     

    A setting in PrinterLogic SaaS (also included in the next VA release) titled Enable "Automatic Self-service Portal and Release Portal" login has been added to the Portal Settings. This setting allows you to choose if end users remain logged into the Self-service and Release portals or if you want to require users to log in each time they wish to install a printer or release a job. This setting provides an additional option to increase security by requiring end users to log in, but it allows our existing customers not to be disrupted in how their end users interact with the Self-service and Release Portals today. You can find more information on this setting in the Portal Settings topic.

OVE-20230524-0017 - Cookie returned in response body

  • Security Risk - Critical

  • Incidents - There have been no instances of this vulnerability seen or reported.

  • Impact -PrinterLogic SaaS and Virtual Appliance.

  • Status - Fixed in PrinterLogic SaaS and Virtual Appliance.

  • Vulnerability Description - The URL /admin/cookies return the cookie values in the page body. This breaks the HTTPOnly cookie security control used to prevent JavaScript from accessing the cookie values during a session hijacking attack. This would allow a bad actor to impersonate the user and gain access to the console maliciously.

  • Investigation and Remediation/Response - On its own, this vulnerability cannot be exploited. It must be used in conjunction with another vulnerability. We are working on measures to remove this URL.

OVE-20230524-0018 - Known vulnerable components in use

  • Security Risk - Medium
  • Incidents - There have been no instances of this vulnerability seen or reported.
  • Impact -PrinterLogic SaaS and Virtual Appliance.
  • Status - Resolved: This is a constant development process to use the most up-to-date libraries.
  • Vulnerability Description - Third-party JavaScript libraries can introduce a range of DOM-based vulnerabilities, including some that can be used to hijack user accounts like DOM-XSS.
  • Investigation and Remediation/Response - The PrinterLogic application has no known vulnerabilities or exploit methods associated with its libraries. However, to further minimize potential risks, there is a continuous effort to keep all software utilized by PrinterLogic updated to the latest available versions. Older versions are identified and replaced with newer versions as they approach their End-of-Life (EOL) phase. This ongoing development ensures that PrinterLogic consistently incorporates the most up-to-date libraries, fostering a secure and reliable environment.

Overview

Recently, a vulnerability was discovered in the PrinterLogic Windows Client installation process. Vasion has completed remediation for CVE-2023-33704 via an updated Windows Client package.

  • Security Risk: Low
  • Incidents: There have been no instances of this vulnerability seen or reported.
  • Impact: PrinterLogic SaaS, Virtual Appliance, and Web Stack.
  • Status: Fixed in PrinterLogic SaaS, Virtual Appliance, Web Stack.
  • Vulnerability Description: The PrinterLogic Windows Client before Version 25.0.0.897 allows attackers to install print drivers from arbitrary hosts using named pipe token impersonation.

Investigation and Remediation

The vulnerability is remediated by updating the PrinterLogic Windows Client to Version 25.0.0.897 or later. Release notes for client versions are available here.

  • For PrinterLogic SaaS, information about updating clients is found here.
  • For PrinterLogic Virtual Appliance (VA), a VA Application update containing the later Windows clients is available in Application build 20.0.1923. More information about application updates are available here. Once the update is complete, deploy the new client using the steps found here.
  • For PrinterLogic Web Stack, the latest client download is here.
  • If you prefer to push the new Windows client via third-party software, you’ll find the client installation package (MSI) here.

Overview

Recently, a security vulnerability was discovered in the PrinterLogic Windows Client installation process. Vasion has completed remediation for CVE-2023-32232 via an updated Windows Client package.

  • Security Risk: Low
  • Incidents: There have been no instances of this vulnerability seen or reported.
  • Impact: PrinterLogic SaaS, Virtual Appliance, and Web Stack.
  • Status: Fixed in PrinterLogic SaaS, Virtual Appliance, Web Stack.
  • Vulnerability Description: The PrinterLogic Windows Client before Version 25.0.0.864 allows attackers to spawn a System command prompt during the install/repair function.

Investigation and Remediation

The vulnerability is remediated by updating the PrinterLogic Windows Client to Version 25.0.0.864 or later. Release notes for client versions are available here.

  • For PrinterLogic SaaS, information about updating clients is found here.
  • For PrinterLogic Virtual Appliance (VA), a VA Application update containing the later Windows clients is available in Application build 20.0.1923. More information about application updates are available here. Once the update is complete, deploy the new client using the steps found here.
  • For PrinterLogic Web Stack, the latest client download is here.
  • If you prefer to push the new Windows client via third-party software, you’ll find the client installation package (MSI) here.

Overview

Recently, a security vulnerability was discovered in the PrinterLogic Windows Client installation process. Vasion has completed remediation for CVE-2023-32231 via an updated Windows Client package.

  • Security Risk: Low
  • Incidents: There have been no instances of this vulnerability seen or reported.
  • Impact: PrinterLogic SaaS, Virtual Appliance, and Web Stack.
  • Status: Fixed in PrinterLogic SaaS, Virtual Appliance, Web Stack.
  • Vulnerability Description: The PrinterLogic Windows Client before Version 25.0.0.864 allows attackers to execute Dynamic Link Library (DLL) hijacking. A non-admin user could create malicious DLLs and access them during installation, granting them code execution as System.

Investigation and Remediation

The vulnerability is remediated by updating the PrinterLogic Windows Client to Version 25.0.0.864 or later. Release notes for client versions are available here.

  • For PrinterLogic SaaS, information about updating clients is found here.
  • For PrinterLogic Virtual Appliance (VA), a VA Application update containing the later Windows clients is available in Application build 20.0.1923. More information about application updates are available here. Once the update is complete, deploy the new client using the steps found here.
  • For PrinterLogic Web Stack, the latest client download is here.
  • If you prefer to push the new Windows client via third-party software, you’ll find the client installation package (MSI) here.

Overview

Recently, a security vulnerability was discovered in the PrinterLogic Windows Client driver installation process. Vasion has completed remediation for CVE-2022-32427 via an updated Windows Client package.

Vulnerability Description

The PrinterLogic Windows Client on or before Version 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content.

Investigation and Remediation

You can remediate this by updating the PrinterLogic Windows Client to Version 25.0.0.688 or later. Release notes for the new client are found here. Depending on your PrinterLogic platform, the following instructions apply:

  • For PrinterLogic SaaS, information about updating clients is found here.
  • For the PrinterLogic Virtual Appliance, a VA Application Update containing the new Windows client is available. More information about application updates are available here. Once the update is complete, deploy the new client using the steps found here.
  • For PrinterLogic Web Stack, the latest client download is here.
  • If you prefer to push the new Windows client via third-party software, you’ll find the client installation package (MSI) here.

Overview

A security vulnerability that affects VMware products was reported in CVE-2022-22965. The issue does not impact Vasion software.

Vulnerability Description

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The exploit requires the application to run on Tomcat as a WAR deployment.

Investigation and Remediation

While some customers run their PrinterLogic Virtual Appliance on VMware hypervisors, the VA is not at risk. Information about remediations for VMware software is available here.

Overview

An out-of-bounds vulnerability assigned to CVE-2021-44142 was recently disclosed in Samba versions prior to 4.13.17. This flaw involves an out-of-bounds heap read-write event in which remote attackers could execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. The PrinterLogic Virtual Appliance (VA) is susceptible to this vulnerability and was remediated. This issue does not affect PrinterLogic SaaS.

Vulnerability Description

Samba is an implementation of SMB protocol that provides file and printer interoperability for Windows platforms over the network. It is a widely installed software package, and many Linux-based IoT and network devices include publicly open SMB services by default.

The specific flaw exists in EA metadata parsing when opening files in smbd, the Samba server daemon that provides file sharing and printing services to Windows clients. Access as a user with write access to a file’s extended attributes is required to exploit this vulnerability. A guest or unauthenticated user could do this if they are allowed write access to file extended attributes.

The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to settings other than the default values, the security issue does not affect the system. The PrinterLogic VA Host has vfs_fruit enabled and required remediation.

Investigation and Remediation

Vasion has removed the VA_Fruit module from the PrinterLogic Virtual Appliance. Therefore, we recommend that PrinterLogic VA customers with host versions 1.0.735 and earlier update their VA Host, which includes the latest application release. This update includes other new functionality as well described in the release notes. You can find release notes for our VA in our PrinterLogic VA Releases topic.

Overview

In late January, Vasion became aware of a vulnerability that affects many Linux distributions. As a result, the company has completed remediations in its PrinterLogic SaaS and PrinterLogic Virtual Appliance (VA) platforms.

Vulnerability Description

Polkit (formerly known as PolicyKit) is a systemd SUID-root program installed by default in every major Linux distribution. The pkexec application is a setuid tool that allows unprivileged users to run commands as privileged users according to predefined policies.

In the version of Polkit that resulted in this vulnerability discovery, the pkexec application doesn’t handle the calling parameters count correctly and ends by trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables to induce pkexec to execute arbitrary code. This can escalate local privilege and give unprivileged users administrative rights on the target machine.

A new version of Polkit was released that addresses this vulnerability. You can find more information in the CVE-2021-4034 detail document found

Investigation and Remediation

Vasion completed its investigation to determine how this vulnerability affects PrinterLogic SaaS and the PrinterLogic Virtual Appliance (VA). It was found that servers for both platforms contained the affected version of Polkit.

A patch is in place for both PrinterLogic products with the latest version of Polkit recommended by Linux (0.105-20 Ubuntu 0.18.04.05 changed to 0.105-20 Ubuntu 0.18.04.06).

Because PrinterLogic SaaS updates occur automatically, this remediation is already live.

PrinterLogic VA customers with host versions 1.0.730 and earlier will need to update their VA host, including the latest application release. You can find release notes in our PrinterLogic VA Releases topic.

Overview

Recently, security vulnerabilities were discovered in PrinterLogic Web Stack versions 19.1.1.13 SP9 and below. PrinterLogic has completed corrective measures to remediate each vulnerability, and updates are available now for PrinterLogic Web Stack and the Virtual Appliance. Updates occurred automatically with PrinterLogic SaaS and are live worldwide. A summary of the vulnerabilities and corrective actions PrinterLogic has taken are below. Links to the respective CVEs will be added once they are available.

Vulnerabilities (CVEs) and Remediation Summary

  • The affected endpoints were reorganized so they no longer use objects passed as parameters (removing the vulnerability). The vulnerable function “unserialize()” is no longer used.
  • Affected Web Stack, the VA, and SaaS. Remediation completed.
  • The Web Stack installers were adjusted to generate random keys on installation and on updates.
  • In addition, we performed scans for other keys and credentials that may have been leaked, and any findings were also corrected. Measures were furthermore put in place to prevent any leaked secrets from accidentally being included in future releases.
  • Affected Web Stack only. Remediation completed.
  • The affected areas were completely removed where possible (e.g., no longer supported features, printer models, etc.), and escaping/sanitation was corrected for items that could not be removed.
  • Affected Web Stack only. Remediations completed.
  • The SQLi code was never used. The offending pages were removed.
  • Affected Web Stack, the VA, and SaaS. Remediations completed.
  • The test page causing this issue was removed.
  • Affected Web Stack only. Remediations completed.
  • All RCSS vulnerabilities were identified and removed or inputs were escaped or sanitized.
  • Affected Web Stack, the VA, and SaaS. Remediations completed.
  • RBAC security was added to routes that were allowing access to sensitive objects/data.
  • Affected Web Stack, the VA, and SaaS. Remediations completed.
  • RBAC security was added to routes that were allowing access to sensitive objects/data.
  • Affected Web Stack, the VA, and SaaS. Remediations completed.
  • RBAC security was added to routes that were allowing access to sensitive objects/data.
  • Affected Web Stack, the VA, and SaaS. Remediations completed.

Affected PrinterLogic Software Versions:

  • PrinterLogic Web Stack
    • – Version 19.1.1.13 SP9 and earlier, when operating with macOS or Linux endpoint client software. See new install and update links below.
  • PrinterLogic Virtual Appliance
    • Version 20.0.1304 and earlier, when operating with macOS or Linux endpoint client software.
      • Application update is required. See links below.
      • Host update not required if you have VA Host v1.0.674 or later.
  • PrinterLogic SaaS
    • Our SaaS platform does automatic updates. Remediations are now live worldwide. No customer action is needed.

Updated Files and Documentation

  • PrinterLogic Web Stack
    • Link to file for new installs
    • Link to file for Updates
    • Online documentation for theseUpdates
    • Only admin server updates are required; no client updates are needed.
  • PrinterLogic Virtual Appliance
    • Online documentation and file(s) for these updates
    • No client software updates are required.

Overview

The Log4j vulnerability, documented in CVE-2021-44228, is a remote code execution vulnerability in Log4j. This framework is used for logging within many software solutions. The Log4j library is vulnerable to Remote Command Execution (RCE), which means a remote attacker can execute commands over the network on software that contains the vulnerable Log4j versions.

Investigation and Remediation

Vasion is aware of the issue and has not found any evidence of exploitation or vulnerability with our products. Additionally, vasion products, including PrinterLogic SaaS, PrinterLogic VA, and Vasion ST, do not depend on the affected Log4j libraries. Therefore, these products are not vulnerable to the referenced CVE-2021-44228.

Our security team will continue to monitor the situation. If our assessment changes, we will publish our findings and recommendations in this bulletin.

Overview

PrintNightmare, documented in CVE-2021-34527, is a remote code execution vulnerability in the Windows Print Spooler. This vulnerability is exposed through specific inbound Remote Procedure Calls (RPC), which are used to add printers and related drivers. This can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.

PrinterLogic Solution

With PrinterLogic’s Managed Direct IP Printing solution, print jobs are always spooled locally using the local print spooler on the originating workstation. Since PrinterLogic does not use RPC to access the Windows Print Spooler, a PrinterLogic Managed Direct IP print environment is entirely unaffected when the mitigation steps detailed in the CVE (option 2) are followed as Microsoft recommends. This ensures the attack vector is closed on all machines running the Windows Print Spooler while allowing users to continue safely printing using PrinterLogic’s Managed Direct IP solution.

Microsoft has released a patch for this vulnerability. PrinterLogic highly recommends all customers install the July 2021 Out-of-band update on all Windows systems. For details, see KB5004945 and KB5004946.

What about Point and Print?

According to Microsoft documentation, Point and Print is a term that refers to the capability of allowing a user on a Windows 2000 and later client to create a connection to a remote printer without providing disks or other installation media. Instead, all necessary files and configuration information are automatically downloaded from the print server to the client.

This applies explicitly to print queues installed from a Windows print server and does not impact users' ability to install print queues from the PrinterLogic Self-Service Portal.

As part of the July 2021 Out-of-band update, a registry setting is checked to restrict the installation of new unsigned printer drivers to Administrators only. Since PrinterLogic only allows signed Type 3 drivers to be used and the PrinterLogic Client is solely responsible for managed print driver installation, this setting will not adversely affect PrinterLogic customers.

While this registry setting does not impact a PrinterLogic Managed Direct IP environment, following security best practices, PrinterLogic still recommends that all customers enable this registry setting as recommended by Microsoft:

Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint

Value: RestrictDriverInstallationToAdministrators

Type: REG_DWORD

Data: 1

Caveats

Printers configured as shared printers or with Windows Print Server Links will cease to function properly if inbound remote printing is disabled on the Windows Print server. Therefore, PrinterLogic recommends converting these printers to Managed Direct IP print queues to avoid this and future Windows Print Spooler vulnerabilities.

References

Overview

Using an exploit to forcibly update configuration data, the PrinterLogic Client can be directed to bypass HTTPS hardening or directed to another PrinterLogic Server. Additionally, the PrinterLogic Client does not correctly verify the origin and integrity of updates. An attacker who successfully exploits these vulnerabilities could run arbitrary code in the context of the Local System Account.

Solution

This solution prevents Man-in-the-Middle (MITM) attacks where bad actors may attempt to spoof a trusted entity by tricking the PrinterLogic Server into connecting to a malicious host. To reduce any attempt at MITM attacks, you must configure your PrinterLogic Server to use the HTTPS protocol as described below:

  1. Follow the steps outlined here: HTTP and HTTPS Configuration Steps.

  2. Next, make sure your homeURL is updated to HTTPS. For more information, see Update the Client’s HomeURL.

  3. In addition, you need to apply the client update described below to secure your PrinterLogic environment.

This solution addresses vulnerabilities related to properly verifying the origin and integrity of the PrinterLogic Client code and sanitizing special characters that could lead to unauthorized changes to configuration files. To address these issues, apply the latest PrinterLogic software update as described below:

  1. Contact support for the PrinterLogic Security Update.

  2. On the PrinterLogic Server, navigate to C:\inetpub\wwwroot\public\client\setup.

  3. Make a backup copy of your existing PrinterLogic Client files before replacing them.

  4. Copy and replace the PrinterLogic Client installation files with the new files provided in the download.

  5. Navigate to your PrinterLogic Admin Console and enable the automatic update option to update your clients. If you want to push out the clients via GPO or using a software deployment tool, follow these instructions.

  6. To validate the update, check to see that the client for each workstation has been updated to the new version by navigating to Tools → Reports → Workstations from the PrinterLogic Admin Console. Click Search to run a report for workstations in your environment. Verify that the numbers in the Client Version column are at least as recent as the numbers shown below:

    • Windows: 25.0.0.49 or higher

    • Mac: 25.1.0.274 or higher

    • Linux: 25.1.0.274 or higher

If you have questions about these solutions, contact PrinterLogic Product Support for assistance.

References