Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Symbolic Links For Unprivileged File Interaction V-2022-002.
The issue stems from improperly configured default permissions (CWE-276), which allow an unprivileged user to create or exploit symbolic links to files or resources that they normally should not have access to. An attacker can thus read, modify, or overwrite system files beyond their permission scope. The attack is possible remotely, without authentication, and without user interaction, making it particularly dangerous.
An attacker can gain unauthorized access to sensitive data, modify system files, and potentially take full control of the system (RCE or privilege escalation), threatening the confidentiality, integrity, and availability of the environment.
Vasion Print Virtual Appliance Host must be updated to version 22.0.843 or later, and Application to version 20.0.1923 or later, in accordance with the manufacturer's recommendations published in the security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
Vasion Print (formerly PrinterLogic) Virtual Appliance Host in versions prior to 22.0.843 and Application in versions prior to 20.0.1923
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPrinterlogic Vasion Print
APPPrinterlogic< 20.0.1923Printerlogic Virtual Appliance
APPPrinterlogic< 22.0.843
Related vulnerabilities
Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników
Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia
Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On
SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli
Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)