Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006.
The vulnerability consists of a static AWS API access key being embedded directly in the application code or system configuration of Vasion Print. This key is identical across all installations of the product prior to the patched version, meaning that anyone who discovers it — for example through binary analysis, code leak, or other channel — can use it immediately. The attack vector is network-based, requires no privileges or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), making this vulnerability particularly dangerous.
An attacker can gain full unauthorized access to AWS resources associated with the application, potentially leading to disclosure of sensitive data, modification of cloud infrastructure, and serious violations of system confidentiality, integrity, and availability.
Update Vasion Print to Virtual Appliance Host 22.0.933 / Application 20.0.2368 or later. It is also recommended to immediately rotate (revoke and replace) the potentially compromised AWS API key in your own cloud environment and verify AWS logs for unauthorized key usage. Details available in the vendor's security bulletin.
Vasion Print (formerly PrinterLogic) in Virtual Appliance Host versions prior to 22.0.933 and Application versions prior to 20.0.2368
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPrinterlogic Vasion Print
APPPrinterlogic< 20.0.2368Printerlogic Virtual Appliance
APPPrinterlogic< 22.0.933
Related vulnerabilities
Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników
Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia
Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On
SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli
Vasion Print / PrinterLogic — niebezpieczna instalacja rozszerzeń przez HTTP