Exciting Printer Argument prepare_page.rb URL command injection
A vulnerability was found in Exciting Printer and classified as critical. This issue affects some unknown processing of the file lib/printer/jobs/prepare_page.rb of the component Argument Handler. The manipulation of the argument URL leads to command injection. The CWE definition for the vulnerability is CWE-77. The weakness was shared 12/31/2022 as 56. It is possible to read the advisory at github.com. The identification of this vulnerability is CVE-2017-20156. Access to the local network is required for this attack to succeed. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1202 according to MITRE ATT&CK. It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. The patch is named 5f8c715d6e2cc000f621a6833f0a86a673462136. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue. A possible mitigation has been published before and not just after the disclosure of the vulnerability.