Skip to content

An "Incorrect Use of a Privileged API" vulnerability in PrintixService.exe, in Printix's "Printix Secure Cloud Print Management", Version 1.3.1106.0 and below allows a Local Or Remote attacker the ability change all HKEY Windows Registry values as SYSTEM context via the UITasks.PersistentRegistryData parameter.

License

Notifications You must be signed in to change notification settings

ComparedArray/printix-CVE-2022-25089

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation


Logo

CVE-2022-25089

A system admin's complete nightmare, users changing the registry from anywhere and everywhere without authentication.

Explore the docs »

View Demo . Report Bug . Request Feature

Downloads Contributors Stargazers Issues License

Table Of Contents

About The Project

Screen Shot

An "Incorrect Use of a Privileged API" vulnerability in PrintixService.exe, in Printix's "Printix Secure Cloud Print Management", Version 1.3.1106.0 and below allows a Local Or Remote attacker the ability change all HKEY Windows Registry values as SYSTEM context via the UITasks.PersistentRegistryData parameter.

Here's why this is a big issue:

  • This CVE allows anyone to connect to your corporate network and change any registry value that they please on the remote computer.
  • Any user logged in (regardless of their user role) is able to target themselves, or have someone remotely systematically change all registry values on the machine.
  • There is practically no way to check for the machine but a method to check if a machine has been compromised will be released soon.

Any machine that has any version of Printix installed (<= 1.3.1106.0 as of 3/1/2022) is highly vulnerable to this exploit. A patch could be released within a couple months, yet this may take even longer due to how embedded this command is inside their API, and how their entire authentication framework has to be changed.

This was discovered on 10/2/2021, and a CVE was reserved on 3/1/2022.

Built With

.NET Framework 4.8

Getting Started

There are two options to this project, such as compiling the solution yourself or just downloading and running the precompiled software.

Prerequisites

You will need to install Visual Studio, or have downloaded the perquisite libraries.

Installation

  1. Download the project, and open it in Visual Studio.

  2. Ensure that all NuGet packages are referenced.

  3. Enjoy.

Usage

This is a console based program, so all you have to do is run the program.

Roadmap

See the open issues for a list of proposed features (and known issues).

Contributing

Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.

  • If you have suggestions for adding or removing projects, feel free to open an issue to discuss it, or directly create a pull request after you edit the README.md file with necessary changes.
  • Please make sure you check your spelling and grammar.
  • Create individual PR for each suggestion.
  • Please also read through the Code Of Conduct before posting your first idea as well.

Creating A Pull Request

License

Distributed under the MIT License. See LICENSE for more information.

Authors

  • Logan Latvala - Cyber security enthusiast - Logan Latvala - Founded the vulnerability & created the code.

Acknowledgements

About

An "Incorrect Use of a Privileged API" vulnerability in PrintixService.exe, in Printix's "Printix Secure Cloud Print Management", Version 1.3.1106.0 and below allows a Local Or Remote attacker the ability change all HKEY Windows Registry values as SYSTEM context via the UITasks.PersistentRegistryData parameter.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages