PT-2024-22: (Unauth Remote Code Execution) in MyQ Print Server

CRITICAL

(9.3) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

THREATSCAPE

Analytics articles

What are the security threats on your network?

Check your traffic-for free

Request pilot

Vendor: MyQ, spol. s r.o

Product: MyQ Print Server

Vulnerable version: <8.2 (patch 43)

Vulnerability type:

- CWE-94: Improper Control of Generation of Code ('Code Injection')

Identifier (ID):

BDU:2024-01648

CVE-2024-28059

Vulnerability vector:

- Base vulnerability score (CVSSv3.1): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- Severity (CVSSv3.1): 9.8 (critical)

- Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

- Severity (CVSSv4.0): 9.3 (critical)

Description:

The vulnerability was identified in MyQ Print Server, versions <8.2 (patch 43).
An Unauthenticated Remote Code Execution vulnerability can be exploited by an attacker to gain elevated privileges on the target server.

Vulnerability status: Confirmed by vendor

Date of vulnerability detection: 25.12.2023

Recommendations: Update to version 8.2 (patch 43) or higher.

Additional information: Security Bulletin

Researcher: Arseniy Sharoglazov (Positive Technologies)

Identifier:

CVE-2024-28059

BDU:2024-01648

Vendor:

MyQ, spol. s r.o

Vulnerable product:

MyQ Print Server

Get in touch

Fill in the form and our specialists
will contact you shortly

General
questions

We're happy to answer any questions you may have.

Partnership

Join us in making the world a safer place.

Request a pilot

Test drive our solutions with a customized pilot program.