Vasion Print
- < 22.0.1049
A vulnerability exists in Vasion Print Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786, affecting both VA and SaaS deployments. The vulnerability arises from a private SSL key and matching public certificate, hardcoded and stored in cleartext, belonging to the hostname 'pl-local.com'. This key is used to terminate TLS connections on ports 80 and 443. An attacker with container-level access can read the files and obtain the private key, enabling decryption of TLS traffic, man-in-the-middle attacks, or forgery of TLS certificates. Such exploitation could lead to impersonation of the appliance's web UI, interception of credentials, and unrestricted access to services that trust the certificate. The same key is used across all deployed appliances, meaning a single theft compromises every Vasion Print installation.
Exploitation of this vulnerability allows for interception and decryption of TLS traffic, man-in-the-middle attacks, and forgery of TLS certificates, enabling impersonation of the appliance's web UI and unauthorized access to services that trust the certificate. This vulnerability has a CVSS score of 9.3.
Users can update to Vasion Print Virtual Appliance Host version 22.0.1049 and Application version 20.0.2786. For Vasion Print SaaS users, no action is needed as the update has been applied automatically.
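Because the same key pair ships on every appliance, a quick inventory check is to hash the public key (SubjectPublicKeyInfo) each host presents and flag any key that more than one host presents. The sketch below is an added example, not code from the advisory or the vendor. It assumes the certificates were already collected as DER, for instance with `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))`; the host names and sample certificates are constructed.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_pin(cert_der):
    """SHA-256 of the certificate's SubjectPublicKeyInfo element."""
    _, pos, _ = read_tlv(cert_der, 0)      # Certificate
    _, pos, end = read_tlv(cert_der, pos)  # tbsCertificate
    fields = []
    while pos < end:
        tag, _, nxt = read_tlv(cert_der, pos)
        fields.append((tag, pos, nxt))
        pos = nxt
    if fields[0][0] == 0xA0:               # optional [0] version
        fields.pop(0)
    _, start, stop = fields[5]  # after serial, sigalg, issuer, validity, subject
    return hashlib.sha256(cert_der[start:stop]).hexdigest()

def shared_keys(certs_by_host):
    """Map pin -> hosts for every public key presented by more than one host."""
    seen = {}
    for host, der in sorted(certs_by_host.items()):
        seen.setdefault(spki_pin(der), []).append(host)
    return {pin: hosts for pin, hosts in seen.items() if len(hosts) > 1}

# Constructed sample input: unsigned DER skeletons and placeholder host names.
def tlv(tag, value):
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def fake_cert(serial, key):
    spki = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + tlv(0x30, b"") * 4 + spki)
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

SAMPLE = {
    "print-a.example": fake_cert(1, b"K" * 200),   # same key, different serial
    "print-b.example": fake_cert(2, b"K" * 200),
    "other.example": fake_cert(3, b"Z" * 200),
}
```

Hashing the key instead of the whole certificate still matches if a certificate is reissued over the same key.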