Critical remote code execution flaw reported in MyQ Print Server
Take action: If you are running MyQ print server, this is a fairly urgent patch. Make sure it's not exposed on the internet, then plan a quick patch cycle.
Learn More
A critical security vulnerability has been discovered in MyQ Print Server, a widely-used printing management solution deployed across 140 countries.
The vulnerability is tracked as CVE-2024-28059 (CVSS score not assigned) allows unauthenticated attackers to execute arbitrary code remotely with a single request. Even in cases where MyQ Print Server wasn't directly accessible via the internet, attackers could potentially compromise the system through server-side request forgery vulnerabilities in other perimeter products.
The attackers can gain unauthorized access to confidential documents in print queues, intercept user passwords, execute arbitrary code and use the compromised MyQ server for lateral movement in the network.
Affected MyQ Print Server 8.2 Patch 42 and earlier versions. MyQ has released MyQ Print Server 8.2 Patch 43 on January 22, 2024.
