{"containers": {"cna": {"affected": [{"product": "Management Software", "vendor": "PrinterLogic", "versions": [{"lessThanOrEqual": "8.3.1.96", "status": "affected", "version": "8.3.1.96", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-159", "description": "CWE-159 Failure to Sanitize Special Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-05-10T16:06:05.000Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "VU#", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://kb.cert.org/vuls/id/169249/"}, {"name": "108285", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108285"}], "source": {"discovery": "UNKNOWN"}, "title": "PrinterLogic Print Management Software does not sanitize special characters", "x_generator": {"engine": "Vulnogram 0.0.6"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9505", "STATE": "PUBLIC", "TITLE": "PrinterLogic Print Management Software does not sanitize special characters"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Management Software", "version": {"version_data": [{"version_affected": "<=", "version_name": "8.3.1.96", "version_value": "8.3.1.96"}]}}]}, "vendor_name": "PrinterLogic"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges."}]}, "generator": {"engine": "Vulnogram 0.0.6"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-159 Failure to Sanitize Special Element"}]}]}, "references": {"reference_data": [{"name": "VU#", "refsource": "CERT-VN", "url": "https://kb.cert.org/vuls/id/169249/"}, {"name": "108285", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108285"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:54:44.054Z"}, "title": "CVE Program Container", "references": [{"name": "VU#", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://kb.cert.org/vuls/id/169249/"}, {"name": "108285", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108285"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2019-9505", "datePublished": "2019-05-08T14:48:20.000Z", "dateReserved": "2019-03-01T00:00:00.000Z", "dateUpdated": "2024-08-04T21:54:44.054Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:printerlogic:print_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "092E9A95-4811-4796-8B18-24BF4F0EEE1D", "versionEndIncluding": "18.3.1.96", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges."}, {"lang": "es", "value": "El programa PrinterLogic Print Management, versiones hasta 18.3.1.96 incluyedola, no hace saneamiento de los caracteres especiales que admiten cambios remotos no autorizados a los archivos de configuraci\u00f3n. Un atacante no identificado puede ejecutar de forma remota un c\u00f3digo arbitrario con privilegios SYSTEM."}], "id": "CVE-2019-9505", "lastModified": "2024-11-21T04:51:44.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-08T15:30:54.877", "references": [{"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/108285"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://kb.cert.org/vuls/id/169249/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/108285"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://kb.cert.org/vuls/id/169249/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-159"}], "source": "cret@cert.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}