Primary

Context

Doxense Watchdoc Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Doxense Watchdoc versions prior to 6.1.1.5332. This issue arises from the deserialization of untrusted data, which can be exploited through the .NET Remoting library in the Watchdoc administration interface. The vulnerability allows for arbitrary code execution on the print server, potentially compromising all connected printers and accessing the Active Directory account used by the print server.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the print server, leading to a breach of confidentiality by compromising all printers and retrieving the Active Directory account associated with the print server.

Remediation

Users are advised to update to Doxense Watchdoc version 6.1.1. For those with a remote IIS server, restrict access to port 5744 to the remote IIS server only.

Added: Sep 26, 2025, 6:17 PM

Updated: Sep 26, 2025, 7:20 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Doxense Watchdoc Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating