CRITICAL🇵🇱 Wersja polska

CVE-2025-27667

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-04-01

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Administrative User Email Enumeration OVE-20230524-0011.

🤖 AI Analysis
How it works

The flaw, classified as CWE-203 (Observable Discrepancy), involves the application returning different responses depending on whether a provided email address exists in the system as an administrator account. An attacker, by sending appropriately crafted network requests without any authentication, can determine which email addresses are assigned to administrative accounts based on the observed differences in system responses. The vulnerability is remotely accessible without requiring any privileges or user interaction.

Impact

An attacker can collect a list of administrative account email addresses, which facilitates targeted phishing attacks, credential stuffing, or brute-force attacks on these accounts, potentially leading to the compromise of administrative privileges over the print system.

Mitigation & patch

Vasion Print must be updated to Virtual Appliance Host version 22.0.843 or later and Application 20.0.1923 or later. Detailed information is available in the manufacturer's security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Who is affected

Vasion Print (formerly PrinterLogic) in Virtual Appliance Host versions below 22.0.843 and Application versions below 20.0.1923

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.1923
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 22.0.843
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27642CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników

CVE-2025-27638CRITICAL9.8PL ✓ten sam produkt

Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia

CVE-2025-27641CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On

CVE-2025-27640CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli

CVE-2025-27643CRITICAL9.8PL ✓ten sam produkt

Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)