CVE-2022-32427 An attacker with knowledge of the Driver filename can exploit this to escalate privileges or distribute malicious content.

While converting a legacy PrinterLogic Server 10.0.0.356 to a Windows Client, a vulnerability exists in the web management interface. An attacker can exploit this vulnerability to execute command injection. This issue has been resolved in PrinterLogic Windows Client 25.0.0688 and all affected users are advised to upgrade. During the installation of PrinterLogic Server 10.0.0.356, an issue exists in the installation of the web management interface. An attacker can exploit this to upload a malicious file to the server and execute command injection. This issue has been resolved in PrinterLogic Windows Client 25.0.0688 and all affected users are advised to upgrade. An issue exists in the installation of the web management interface of the Windows Client. An attacker can exploit this to upload a malicious file to the server and execute command injection. This issue has been resolved in PrinterLogic Windows Client 25.0.0688 and all affected users are advised to upgrade. An issue exists in the installation of the web management interface of the Windows Client. An attacker can exploit this to upload a malicious file to the server and execute command injection. This issue has been resolved in PrinterLogic Windows Client 25.0.0688 and all affected users are advised to upgrade.

What is the current version of PrinterLogic?

PrinterLogic Server 10.0.0.356, PrinterLogic Windows Client 25.0.0688

PrinterLogic Enterprise

License Upgrade
Prior to installing PrinterLogic Server 10.0.0.356, a manual upgrade is required to install the web management interface of the Windows Client:
1. Enter the installation process for PrinterLogic Server 10.0.0.356, select the "Upgrade" or "Customize" option and then click on "Install WebMgmtLib/WebManager".
2. Follow the prompts and complete the installation of WebMgmtLib/WebManager on your server.
3. After completing this upgrade, download and execute a new version of PrinterLogic Windows Client 25: https://www.printerslogic-solutions-downloads-s22158875941.clientsupportcentral.com/products/PrinterLogicWindowsClient25_x64_en_31052018-9c4f24a4df4d865fc6e22412bc7b6d5e636ebab3fef59c9eae51d4bf06a2b8aefb6c

Vulnerability description

When upgrading from PrinterLogic Server 10.0.0.356 to Windows Client 25.0.0688, there exists a vulnerability in the installation of the web management interface that can be exploited by an attacker to execute command injection on the server

REQUIREMENTS

Windows Client 25.0.0688 or later
Windows Server 2008 R2 SP1 or later

Timeline

Published on: 08/25/2022 02:15:00 UTC
Last modified on: 09/01/2022 04:15:00 UTC

References

• https://www.printerlogic.com/security-bulletin/
• https://docs.printercloud.com/1-Printerlogic/Release_Notes/Client_Release_Notes.htm?tocpath=_____9
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32427