Vasion Print Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413, specifically in VA/SaaS deployments. The vulnerability arises because the 'console_release' directory is reachable from the internet without authentication. This directory contains numerous PHP scripts that build URLs from user-controlled input and then fetch them with 'curl_exec()' or 'file_get_contents()' without adequate validation. Although some files attempt to mitigate SSRF with 'filter_var', these checks are incomplete. As a result, any remote attacker can supply a hostname and cause the server to make requests to internal resources, potentially leading to internal network reconnaissance, pivoting, or data exfiltration.
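The kind of incomplete check the advisory describes, beside a hardened version, as an added PHP example that is not Vasion's code; the function names and the '/status' endpoint are hypothetical:

```php
<?php
// Weak check: FILTER_VALIDATE_URL only checks URL syntax, so a host such as
// 127.0.0.1, 169.254.169.254 or an internal name passes unchanged.
function weakCheck(string $host): bool
{
    return filter_var("http://$host/", FILTER_VALIDATE_URL) !== false;
}

// Hardened check: the host must be syntactically valid, must resolve, and
// every resolved address must be public (no loopback, private or reserved ranges).
function resolvePublicHost(string $host): ?string
{
    if (filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) {
        return null;                       // not a valid hostname
    }
    $ips = gethostbynamel($host);          // IPv4 A records only
    if ($ips === false) {
        return null;                       // does not resolve
    }
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP,
                FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            return null;                   // any internal address rejects the host
        }
    }
    return $ips[0];
}

// The server fixes scheme, path and port; the caller supplies only the host.
function fetchFromHost(string $host): ?string
{
    $ip = resolvePublicHost($host);
    if ($ip === null) {
        return null;
    }
    $ch = curl_init("https://$host/status");   // hypothetical endpoint
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,        // a redirect could point back inside
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,
        CURLOPT_RESOLVE        => ["$host:443:$ip"], // pin the vetted IP (DNS rebinding)
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body === false ? null : $body;
}
```

gethostbynamel() returns only IPv4 addresses; for hosts with AAAA records, resolve with dns_get_record() and apply the same FILTER_VALIDATE_IP flags to each IPv6 address, or the check can be bypassed through an IPv6 literal.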
Impact
Exploitation of this vulnerability allows for server-side request forgery, enabling attackers to make requests to internal resources from the server, which could be used for reconnaissance, data exfiltration, or to pivot to other systems.
Remediation
Users can update to Vasion Print Virtual Appliance Host v25.1.102 and Application v25.1.1413 or later. For the Virtual Appliance, reference the 'Application Update' topic for instructions on updating.
