CVE-2023-27107
📋 TL;DR
This vulnerability allows unauthorized users to generate internal reports in MyQ Solution Print Server and Central Server by accessing a direct URL, bypassing proper access controls. It affects organizations using MyQ Solution Print Server before version 8.2 Patch 32 and Central Server before version 8.2 Patch 22. Attackers can exploit this to access sensitive information they shouldn't have permission to view.
💻 Affected Systems
- MyQ Solution Print Server
- MyQ Solution Central Server
📦 What is this software?
Central Server by MyQ Solution
Print Server by MyQ Solution
⚠️ Risk & Real-World Impact
Worst Case
Unauthorized users access sensitive internal reports containing confidential business data, user information, or system details that could facilitate further attacks.
Likely Case
Internal users with limited privileges access reports beyond their authorization level, potentially exposing sensitive operational data.
If Mitigated
Proper access controls prevent unauthorized report generation, limiting users to only reports they're authorized to access.
🎯 Exploit Status
Exploitation requires network access to the server but doesn't require authentication to the vulnerable function.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Print Server: 8.2 Patch 32 or later; Central Server: 8.2 Patch 22 or later
Vendor Advisory: https://www.myq-solution.com/en/support/security-advisories
Restart Required: Yes
Instructions:
1. Download the latest patch from the MyQ Solution support portal.
2. Back up the current configuration.
3. Apply the patch following vendor instructions.
4. Restart the service.
5. Verify the patch was applied successfully.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to MyQ servers to only authorized users and systems
Web Application Firewall Rules
Implement WAF rules to block unauthorized access to report generation URLs
🧯 If You Can't Patch
- Implement strict network segmentation to isolate MyQ servers from untrusted networks
- Monitor and alert on unauthorized access attempts to report generation endpoints
🔍 How to Verify
Check if Vulnerable:
Check MyQ Solution version in administration interface or via version check command
Check Version:
Check version in MyQ Solution web interface under Administration > About or System Information
Verify Fix Applied:
Verify version is at least Print Server 8.2 Patch 32 or Central Server 8.2 Patch 22, then test that unauthorized users cannot access report generation
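The version comparison above is easy to get wrong by hand when patch numbers are involved (8.2 Patch 9 sorts after 8.2 Patch 32 as a string). The following is an added helper, not a MyQ tool or code from this advisory: it parses version strings in the "8.2 Patch 32" form used on this page and compares them against the fixed builds named here. The product keys `print` and `central` are this example's own naming. Treating any later release line (for example 8.3 with no patch number) as fixed follows the advisory's "or later" wording and is an assumption; confirm against the vendor advisory for your exact build.

```python
"""Added example: decide whether a MyQ Print/Central Server build is at or past the fixed build."""
import re
from typing import Optional, Tuple

# Fixed builds as stated in this advisory: Print Server 8.2 Patch 32, Central Server 8.2 Patch 22.
FIXED_BUILDS = {
    "print": (8, 2, 32),
    "central": (8, 2, 22),
}

# Accepts "8.2", "8.2 Patch 32", "8.2 patch 7" (case-insensitive, optional patch part).
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) as integers, or None if the string is not understood.

    A missing patch component is treated as patch 0, so "8.2" sorts before "8.2 Patch 1".
    """
    m = VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    return (major, minor, patch)


def is_patched(product: str, version_text: str) -> Optional[bool]:
    """True if the build is at or after the fixed build for `product`, False if before,
    None if the version string could not be parsed.

    Assumption (not stated on the page): later release lines (e.g. 8.3, 9.0) carry the fix,
    which is how the advisory's "or later" is read here.
    """
    if product not in FIXED_BUILDS:
        raise ValueError(f"unknown product {product!r}; expected one of {sorted(FIXED_BUILDS)}")
    version = parse_version(version_text)
    if version is None:
        return None
    # Tuple comparison is lexicographic on (major, minor, patch), which is the intended order.
    return version >= FIXED_BUILDS[product]


if __name__ == "__main__":
    # Constructed sample inputs, as a reviewer might read them from Administration > About.
    for product, seen in [("print", "8.2 Patch 31"), ("print", "8.2 Patch 32"),
                          ("central", "8.2 Patch 22"), ("central", "8.1 Patch 40"),
                          ("central", "build 1234")]:
        print(f"{product:8} {seen:15} -> patched={is_patched(product, seen)}")
```

Run it against the version string shown in the web interface; a `None` result means the string did not match the expected form and should be checked manually rather than assumed safe.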
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to /runReport or similar report generation endpoints
- Failed authentication events followed by successful report generation
Network Indicators:
- HTTP requests to report generation URLs from unauthorized IP addresses or users
SIEM Query:
source="myq_server" AND (url="*runReport*" OR url="*report*generation*") AND NOT [| inputlookup authorized_users_list | fields user]
(Splunk SPL form; it assumes a lookup table named authorized_users_list with a user field. Because the vulnerable function does not require authentication, the user field may be absent on the events that matter most, so do not add a user="*" clause, which would drop those events.)
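The log and network indicators above reduce to one rule: any request to a report generation path whose user is missing or not on the authorized list, or that arrives from outside the management network, deserves an alert, with successful responses ranked above blocked ones. The following is an added example of that logic run over a few constructed access-log lines; it is not MyQ's own logging format or code from this advisory. The log layout (`timestamp ip user=<name or -> METHOD path status`), the authorized user list and the trusted subnet are all assumptions made for the example; the `/runReport` path comes from the page, and the second path pattern mirrors the page's broader "report generation" wording.

```python
"""Added example: flag report-generation requests that lack an authorized, trusted user."""
import re
from typing import Dict, List, Optional

# Assumed log layout (constructed for this example; the real MyQ log format is not given on the page):
#   <ISO timestamp> <client ip> user=<name or -> <METHOD> <path> <HTTP status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) user=(?P<user>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

# "/runReport" is named on the page; the second alternative covers other report-generation paths.
REPORT_PATH_RE = re.compile(r"(?i)/runReport|report.*generat")

AUTHORIZED_USERS = {"alice.admin", "bob.reports"}  # constructed allow-list
TRUSTED_NETS = ("10.1.50.",)  # constructed management subnet prefix(es)

# Constructed sample log: one legitimate report, one unauthenticated hit from outside,
# one low-privilege user from inside, an unrelated login, and one blocked attempt.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z 10.1.50.10 user=alice.admin GET /runReport?id=12 200
2024-03-01T09:00:05Z 203.0.113.9 user=- GET /runReport?id=12 200
2024-03-01T09:00:09Z 10.1.50.77 user=carol.guest GET /reportGeneration?type=users 200
2024-03-01T09:00:12Z 10.1.50.10 user=alice.admin GET /login 200
2024-03-01T09:00:15Z 203.0.113.9 user=- POST /runReport 403
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into fields, or return None if it does not match the layout."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_report_request(path: str) -> bool:
    return REPORT_PATH_RE.search(path) is not None


def assess(entry: Dict[str, str]) -> Optional[Dict[str, object]]:
    """Return a finding for a suspicious report request, or None if nothing is wrong."""
    if not is_report_request(entry["path"]):
        return None
    reasons: List[str] = []
    if entry["user"] == "-":
        reasons.append("unauthenticated")
    elif entry["user"] not in AUTHORIZED_USERS:
        reasons.append("user not in authorized list")
    if not entry["ip"].startswith(TRUSTED_NETS):
        reasons.append("source outside trusted network")
    if not reasons:
        return None
    # A 2xx/3xx response means the report was actually produced: rank it above a blocked attempt.
    succeeded = int(entry["status"]) < 400
    return {
        "ts": entry["ts"],
        "ip": entry["ip"],
        "user": entry["user"],
        "path": entry["path"],
        "severity": "high" if succeeded else "medium",
        "reasons": reasons,
    }


def scan(log_text: str) -> List[Dict[str, object]]:
    """Run assess() over every parseable line and collect the findings in log order."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        finding = assess(entry)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['ts']} {f['ip']} user={f['user']} {f['path']}: {', '.join(f['reasons'])}")
```

On the sample input this yields three findings: the unauthenticated external hit that returned 200 (high), the internal user outside the allow-list (high), and the blocked external attempt (medium). Feed the same logic the real server log once the field layout is adjusted to match it.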