CVE-2021-42637

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-42637
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://printerlogic.com Product
https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints Not Applicable
https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html Third Party Advisory
https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite Third Party Advisory
https://www.printerlogic.com/security-bulletin/ Vendor Advisory
https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite Third Party Advisory
https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:printerlogic:web_stack:*:*:*:*:*:*:*:*
cpe:2.3:a:printerlogic:web_stack:19.1.1.13:-:*:*:*:*:*:*
cpe:2.3:a:printerlogic:web_stack:19.1.1.13:sp2:*:*:*:*:*:*
cpe:2.3:a:printerlogic:web_stack:19.1.1.13:sp3-3:*:*:*:*:*:*
cpe:2.3:a:printerlogic:web_stack:19.1.1.13:sp9:*:*:*:*:*:*
History

No history.

Information

Published : 2022-02-02 18:15

Updated : 2024-02-28 18:48

NVD link : CVE-2021-42637

Mitre link : CVE-2021-42637

CVE.ORG link : CVE-2021-42637

JSON object : View

Products Affected

printerlogic

  • web_stack
CWE
CWE-918

Server-Side Request Forgery (SSRF)