Customers with printers running D3.18.4-3 or prior firmware with Printer Manager enabled (the default configuration). Customers with this configuration are advised to upgrade to the latest version and apply the remediation steps described herein.
| # Exploit Title: AspectSoftware Unified IP Unified Director - Unauthenticated File Upload and SMB Coercion Attack | |
| # Date: 12/08/2024 | |
| # CVE-2024-56973 | |
| # Exploit Authors: Victor A. Morales, GM Sectec Inc. | |
| # Vendor Homepage: https://www.alvaria.com/ | |
| # Affected Versions: < 7.4 SP2 | |
| # Platform: Windows | |
| # Description (Unauthenticated File Upload) | |
| The file ProcessUploadFromURL.jsp used in Unified IP Unified Director below versions 7.4 SP2, allows arbitrary files to be uploaded from a remote server to the same directory where ProcessUploadFromURL.jsp is located without prior authentication. This allows an attacker to upload a malicious JSP file by specifying a remote server and file in the source and filename parameters respectively. The file can then be accessed by navigating to "/UnifiedDirector/<file>", leading to remote code execution. |
| # Exploit Title: Instant Financial Issuance (On Premise) Software (formerly CardWizard) - Sensitive Information Disclosure | |
| # Date: 08/20/2024 | |
| # Exploit Authors: Victor A. Morales, Omar A. Crespo, GM Sectec Inc. | |
| # Vendor Homepage: https://trustedcare.entrust.com/login | |
| # Version: 6.10.0, 6.9.0, 6.9.1, 6.9.2, 6.8.x and older | |
| # Instant Financial Issuance as a Service (8.x) is not affected. | |
| # Fix: Entrust Security Bulletin E24-003 | |
| # Tested on: Windows Server 2019 Standard Build 17763 | |
| # CVE: CVE-2024-39341 |