PT SWARM expert Arseniy Sharoglazov identified the CVE-2024-28059 (BDU:2024-01648) vulnerability in MyQ Print Server, a print management solution. MyQ Print Server is installed on an organization's Windows servers to provide a single access interface for controlling printers and scanners from different vendors. MyQ solutions are used in 140 countries around the world. The vendor was notified of the threat in line with the responsible disclosure policy and has released an update.
Arseniy Sharoglazov commented: “The vulnerability in question is of the most dangerous type: it allowed an unauthenticated attacker to remotely execute arbitrary code with just a single request. An attacker could gain full access to MyQ Print Server and intercept confidential documents waiting to be printed, user passwords, and other information. Typically, MyQ Print Server is situated within a company’s internal network. However, if attackers discovered a server-side request forgery vulnerability in any other product on the perimeter, they could compromise MyQ Print Server, even if the system was not directly accessible over the internet.”
MyQ Print Server 8.2 Patch 42 and earlier versions are affected by CVE-2024-28059 (BDU:2024-01648). The security flaw can be fixed by installing MyQ Print Server 8.2 Patch 43.