Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-2023-013.
The application improperly secures private cryptographic keys (CWE-522 – Insufficiently Protected Credentials), storing them in the Docker Overlay layer in a manner accessible to unauthenticated attackers. The attack vector is network-based, requiring no privileges or user interaction. Obtaining these keys allows attackers to decrypt protected data or impersonate trusted system components.
An attacker can gain access to private cryptographic keys, which potentially enables complete compromise of confidentiality, integrity, and availability of the system (CVSS vector rating C:H/I:H/A:H). Keys can be exploited for further attacks, including communication decryption or lateral movement within the infrastructure.
Vasion Print must be updated to Virtual Appliance Host version 22.0.862 or later and Application version 20.0.2014 or later. Detailed information is available in vendor security bulletins at: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
Vasion Print (formerly PrinterLogic) in Virtual Appliance Host versions below 22.0.862 and Application versions below 20.0.2014.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPrinterlogic Vasion Print
APPPrinterlogic< 20.0.2014Printerlogic Virtual Appliance
APPPrinterlogic< 22.0.862
Related vulnerabilities
Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników
Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia
Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On
SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli
Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)