CRITICAL🇵🇱 Wersja polska

CVE-2025-27670

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-04-01

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Signature Validation OVE-20230524-0014.

🤖 AI Analysis
How it works

The error classified as CWE-347 (Improper Verification of Cryptographic Signature) means that the application does not properly verify cryptographic signatures of provided data or components. An attacker can supply unsigned or forged data/packets that the system incorrectly treats as trusted and processes. The network attack vector (AV:N) without authentication requirements (PR:N) and user interaction (UI:N) makes this vulnerability exceptionally easy to exploit remotely.

Impact

An attacker can gain full control over the vulnerable system — compromise data confidentiality, modify configuration or data (integrity breach), and cause service unavailability. Remote execution of unauthorized operations without any privileges is possible.

Mitigation & patch

Vasion Print should be updated to Virtual Appliance Host version 22.0.843 or later and Application version 20.0.1923 or later. Detailed information is available in the manufacturer's security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Who is affected

Vasion Print (formerly PrinterLogic) in Virtual Appliance Host version below 22.0.843 and Application version below 20.0.1923.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.1923
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 22.0.843
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27642CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników

CVE-2025-27638CRITICAL9.8PL ✓ten sam produkt

Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia

CVE-2025-27641CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On

CVE-2025-27640CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli

CVE-2025-27643CRITICAL9.8PL ✓ten sam produkt

Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)