Techitup Middle East

Positive Technologies Fixes Critical MyQ Print Server Vulnerability

PT SWARM expert Arseniy Sharoglazov identified the CVE-2024-28059 (BDU:2024-01648) vulnerability in MyQ Print Server, a printing management solution. MyQ Print Server is installed on an organization's Windows servers to provide a single interface for controlling printers and scanners from different vendors. MyQ solutions are used in 140 countries around the world. The vendor was notified of the threat in line with the responsible disclosure policy and has released an update.

Arseniy Sharoglazov commented: “The vulnerability in question is of the most dangerous type: it allowed an unauthenticated attacker to remotely execute arbitrary code with just a single request. An attacker could gain full access to MyQ Print Server and intercept confidential documents waiting to be printed, user passwords, and other information. Typically, MyQ Print Server is situated within a company’s internal network. However, if attackers discovered a server-side request forgery vulnerability in any other product on the perimeter, they could compromise MyQ Print Server, even if the system was not directly accessible over the internet.”

MyQ Print Server 8.2 Patch 42 and earlier versions are exposed to CVE-2024-28059 (BDU:2024-01648). The security flaw can be fixed by installing MyQ Print Server 8.2 Patch 43.

To detect and block attempts to exploit server-side request forgery vulnerabilities, it is recommended to use systems for analyzing application code security, such as PT Application Inspector, dynamic analysis tools, such as PT BlackBox, and web application firewalls, such as PT Application Firewall or its cloud-based version, PT Cloud Application Firewall.

Vulnerability management systems, such as MaxPatrol VM, help quickly detect critical vulnerabilities in infrastructure. Network traffic analysis products, such as PT Network Attack Discovery, identify attempts to exploit existing vulnerabilities and alert the SOC operator. Endpoint security tools, such as MaxPatrol EDR, reduce the risk of exploitation of vulnerabilities that allow attackers to remotely execute arbitrary code. MaxPatrol EDR allows you to detect malicious activity, send an alert to the SIEM system (MaxPatrol SIEM), and prevent attackers from carrying out the attack. It is also recommended to use VPN solutions to protect your internal network.
