/printix-CVE-2022-29554

A "Mishandling of Input to API" or "Exposed Dangerous Method or Function" vulnerability in PrintixService.exe, in Kofax Printix's "Printix Secure Cloud Print Management" version 1.3.1156.0 and below, allows a local or remote attacker to attack any enterprise installation running in KioskMode by exploiting the local PrintixProxy class to invoke an error with localhost/e/?error=INVALID_CREDENTIAL&errorMessage={kioskModeValue}. When combined with CVE-2022-29552, the attacker may change the ProgramDir registry value to invoke any program named unis000.exe.
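A triage helper for defenders, added here as an example and not part of this repository's code: it checks a PrintixService.exe version string against the affected range and flags logged URLs that match the error URL pattern quoted above. It assumes the URLs have already been exported from a web proxy, EDR or browser history source; the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Last affected build, from the advisory text ("Version 1.3.1156.0 and below").
LAST_AFFECTED = (1, 3, 1156, 0)
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def is_affected(version: str) -> bool:
    """True when a dotted PrintixService.exe version falls in the affected range."""
    parts = tuple(int(p) for p in version.strip().split("."))
    parts += (0,) * (4 - len(parts))      # pad "1.3.1156" to four fields
    return parts[:4] <= LAST_AFFECTED

def error_url_hits(urls):
    """Return (url, errorMessage) for requests matching the advisory's pattern:
    loopback host, path /e/, error=INVALID_CREDENTIAL, errorMessage present."""
    hits = []
    for raw in urls:
        raw = raw.strip()
        # The advisory writes the URL without a scheme; add one so the host parses.
        u = urlsplit(raw if "://" in raw else "http://" + raw)
        if (u.hostname or "").lower() not in LOOPBACK:
            continue
        if u.path.rstrip("/").lower() != "/e":
            continue
        q = parse_qs(u.query, keep_blank_values=True)
        if "INVALID_CREDENTIAL" in q.get("error", []) and "errorMessage" in q:
            hits.append((raw, q["errorMessage"][0]))   # value is percent-decoded
    return hits

# Constructed sample input (not real telemetry).
SAMPLE_URLS = [
    "localhost/e/?error=INVALID_CREDENTIAL&errorMessage=constructed-value",
    "http://127.0.0.1/e/?error=INVALID_CREDENTIAL&errorMessage=a%20b",
    "http://localhost/e/?error=TIMEOUT&errorMessage=x",
    "http://print.example.test/e/?error=INVALID_CREDENTIAL&errorMessage=x",
    "http://localhost/status",
]

if __name__ == "__main__":
    for version in ("1.3.1156.0", "1.3.1157.0"):
        print(version, "affected" if is_affected(version) else "not in affected range")
    for url, message in error_url_hits(SAMPLE_URLS):
        print("review:", url, "errorMessage =", repr(message))
```

A hit only marks a request for review; whether the client also produces this URL during normal sign-in failures is not stated on this page.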

Primary language: C#. License: MIT.
