Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Hardcoded Password V-2024-013.
The Vasion Print application contains a statically hardcoded password in its source code or configuration (CWE-259 — Use of Hard-coded Password). An attacker knowing this password can authenticate to the system without needing to possess legitimate credentials. The vulnerability is remotely accessible over the network without any prerequisites, making it particularly dangerous in Internet-exposed environments.
An attacker can gain full, unauthorized access to the print management system, which may lead to data confidentiality breach, configuration modification, or disruption of printing services availability in the organization.
Vasion Print should be updated as soon as possible to Virtual Appliance Host version 22.0.1002 or later and Application version 20.0.2614 or later. Details are available in the vendor's security bulletins at help.printerlogic.com.
Vasion Print (formerly PrinterLogic) in Virtual Appliance Host versions before 22.0.1002 and Application versions before 20.0.2614
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPrinterlogic Vasion Print
APPPrinterlogic< 20.0.2614Printerlogic Virtual Appliance
APPPrinterlogic< 22.0.1002
Related vulnerabilities
Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników
Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)
SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli
Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On
Vasion Print / PrinterLogic — niebezpieczna instalacja rozszerzeń przez HTTP