Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Insecure Log Permissions V-2022-005.
The error results from incorrect default permissions (CWE-276) assigned to application log files or directories. Overly permissive permissions allow an unauthenticated network attacker to read or write log files without needing any privileges or user interaction. The attack vector is network-based, with no required authentication and no user interaction, making this vulnerability particularly dangerous in network-exposed environments.
An attacker can gain access to sensitive information contained in application logs (e.g., credentials, user data) and potentially modify or delete logs, which threatens the integrity and availability of the system.
Vasion Print should be updated to Virtual Appliance Host version 1.0.735 / Application 20.0.1330 or later. Detailed information is available in the vendor's security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
Vasion Print (formerly PrinterLogic) Virtual Appliance Host in versions before 1.0.735 and Application in versions before 20.0.1330
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPrinterlogic Vasion Print
APPPrinterlogic< 20.0.1330Printerlogic Virtual Appliance
APPPrinterlogic< 1.0.735
Related vulnerabilities
Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników
Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia
Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On
SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli
Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)