December 2024
CVE-2024-48394 - TOCTOU (Time-of-Check to Time-of-Use) vulnerability identified in NDD Print Agent
Description
The NDD Print Agent is deployed in the inner layers of corporate/organizational networks, on print servers and/or workstations.
When the NDD Print Agent is loaded by the operating system (Windows), one of its DLLs (Dynamic Link Libraries) is validated and authorized some time before it is used. The vulnerability is a TOCTOU (Time-of-Check to Time-of-Use) issue: it exploits the time interval between authorization and use of the DLL.
In the context of the NDD Print Agent, exploiting the vulnerability requires that the attacker has already taken control of the corporate/organizational network, i.e. they have already passed all of the network's security barriers, such as firewalls, intrusion detection systems and antivirus solutions, without being detected. Only after overcoming these defenses could the attacker exploit the vulnerability.
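The gap between check and use described above can be reproduced with an ordinary file. The following is an added illustration, not NDD code and not a description of how the Print Agent validates its DLL: the file name, the sample contents and the SHA-256 allow-list check are all assumptions. It places a check-then-use loader beside one that validates and uses the same bytes.

```python
import hashlib, os, tempfile

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def load_check_then_use(path, allowed_digest, window=lambda: None):
    """Vulnerable pattern: validate the path, then open the path again to use it."""
    with open(path, "rb") as f:               # time of check
        if sha256(f.read()) != allowed_digest:
            raise PermissionError("module not authorized")
    window()                                  # the file can change in this interval
    with open(path, "rb") as f:               # time of use: a second, unverified read
        return f.read()

def load_verified_bytes(path, allowed_digest, window=lambda: None):
    """Hardened pattern: read once, validate those bytes, use the same bytes."""
    with open(path, "rb") as f:
        data = f.read()
    if sha256(data) != allowed_digest:
        raise PermissionError("module not authorized")
    window()                                  # later changes to the path no longer matter
    return data

def demo():
    """Run both loaders while the file changes inside the check/use window."""
    trusted, changed = b"TRUSTED-MODULE-v1", b"CHANGED-AFTER-CHECK"  # constructed samples
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "module.bin")  # hypothetical file name
        def rewrite():
            with open(path, "wb") as f:
                f.write(changed)
        for name, loader in (("check_then_use", load_check_then_use),
                             ("verified_bytes", load_verified_bytes)):
            with open(path, "wb") as f:       # reset to the authorized content
                f.write(trusted)
            results[name] = loader(path, sha256(trusted), window=rewrite)
        # Content that already differs at check time is rejected.
        try:
            load_verified_bytes(path, sha256(trusted))
            results["rejects_mismatch"] = False
        except PermissionError:
            results["rejects_mismatch"] = True
    return results, trusted, changed

if __name__ == "__main__":
    print(demo()[0])
```

The first loader returns content that was never validated, even though its check passed; the second returns exactly the bytes it validated.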
Patch instructions
Apply NDD Print Agent update 5.24.6 or higher.
Scenarios and Actions are listed below:
Scenario with NDD Print Host and NDD Print Agent lower than version 5.22.0
Actions:
Remove NDD Print Agent and install version 5.24.6 or higher.
Update NDD Print Host - Update to the latest version available on our portal (applies to all versions, no need to remove old ones to update to the new one).
Warning points:
Ensure that ports 56564 and 56571 (inbound and outbound) are open.
Make a backup of the NDD Print Host before upgrading.
Scenario with NDD Print Host and NDD Print Agent higher than version 5.22.0
Actions:
Upgrade the NDD Print Agent to version 5.24.6 or higher.
Update NDD Print Host - Update to the latest version available on our portal (applies to all versions, no need to remove old ones to update to the new one).
Warning points:
Ensure that ports 56564 and 56571 (inbound and outbound) are open.
Make a backup of the NDD Print Host before upgrading.
Scenario with NDD Print Host, NDD Print Releaser higher than 5.21.0 and NDD Print Agent higher than version 5.22.0
Actions:
Upgrade NDD Print Agent to version 5.24.6 or higher.
Update NDD Print Releaser - Update to the latest version available on our portal.
Update NDD Print Host - Update to the latest version available on our portal (applies to all versions, no need to remove old ones to update to the new one).
Warning points:
Ensure that ports 56564 and 56571 (inbound and outbound) are open.
Make a backup of the NDD Print Host before upgrading.
Make a backup of NDD Print Releaser before upgrading.
Scenario with NDD Print Host, NDD Print Releaser lower than 5.21.0 and NDD Print Agent lower than version 5.22.0
Actions:
Remove NDD Print Agent and install version 5.24.6 or higher.
Remove NDD Print Releaser and install the latest version available on our portal.
Update NDD Print Host - Update to the latest version available on our portal (applies to all versions, no need to remove old ones to update to the new one).
Warning points:
Ensure that ports 56564 and 56571 (inbound and outbound) are open.
Make a backup of the NDD Print Host before upgrading.
Make a backup of NDD Print Releaser before upgrading.
Scenario with NDD Print Portal 360 Local
Actions:
For NDD Print Agent and Releaser, follow the guidelines in the previous scenarios.
For NDD Print Host, the maximum version that can be used is 5.58.4 - (27/03/2024 - http://downloads.ndd.com.br/produtosprint/NDDPrintHostSetup_5.58.4.zip).
Warning points:
Ensure that ports 56564 and 56571 (inbound and outbound) are open.
Make a backup of the NDD Print Host before upgrading.
Make a backup of NDD Print Releaser before upgrading.
If you have any questions or require further support, please contact our support team at suportenddprint@ndd.tech.