Vasion Print Blind Server-Side Request Forgery Vulnerability via HP installApp.php
Vulnerability
A blind server-side request forgery (SSRF) vulnerability has been identified in Vasion Print Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413, specifically in VA/SaaS deployments. The vulnerability lies in the /var/www/app/console_release/hp/installApp.php script and is reachable by unauthenticated users. When a printer is registered, the software takes the printer's host name from the request and uses it to construct a URL from which it fetches the DiscoveryTree.xml file via curl. Because the host name is not validated or filtered, the server can be induced to send requests to internal services or trigger internal actions. The SSRF is blind: the response is not returned to the requester, so exploitation is not directly observable.
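The following is an added defender-side example, not Vasion's code: the validation the advisory says is missing, applied before the DiscoveryTree.xml fetch. It checks host-name syntax, resolves the name once against an administrator-configured printer subnet allowlist, and pins curl to the checked address. The subnet list, URL path and function names are assumptions.

```php
<?php
// Added example (not Vasion's code). Assumed admin configuration: subnets where
// printers are allowed to live. The appliance itself and reserved ranges are refused.
const ALLOWED_PRINTER_SUBNETS = ['10.20.0.0/16', '192.168.50.0/24']; // constructed sample

function is_valid_hostname(string $host): bool {
    // RFC 1123 syntax only: dot-separated labels of letters, digits and interior hyphens.
    return strlen($host) <= 253
        && preg_match('/^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$/', $host) === 1;
}

function ipv4_in_cidr(string $ip, string $cidr): bool {
    [$net, $bits] = explode('/', $cidr);
    $mask = (~0 << (32 - (int)$bits)) & 0xFFFFFFFF;
    return (ip2long($ip) & $mask) === (ip2long($net) & $mask);
}

function resolve_printer_ip(string $host): ?string {
    // Resolve once and reuse the result so a changing DNS answer cannot redirect curl.
    $ip = gethostbyname($host); // returns the input unchanged on failure
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) return null;
    // Reserved ranges cover loopback and link-local, i.e. the appliance itself.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE) === false) return null;
    foreach (ALLOWED_PRINTER_SUBNETS as $cidr) {
        if (ipv4_in_cidr($ip, $cidr)) return $ip;
    }
    return null; // not in a printer subnet: refuse rather than fetch
}

function fetch_discovery_tree(string $host): ?string {
    if (!is_valid_hostname($host)) return null;
    $ip = resolve_printer_ip($host);
    if ($ip === null) return null;
    $ch = curl_init("http://{$host}/DiscoveryTree.xml"); // assumed path
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false, // a printer must not redirect the appliance elsewhere
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT => 3,
        CURLOPT_TIMEOUT        => 5,
        CURLOPT_RESOLVE        => ["{$host}:80:{$ip}"], // use only the checked address
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body === false ? null : $body;
}
```

Requiring authentication on the registration endpoint remains the first fix; the host-name checks above limit what an authenticated but misbehaving client can reach.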
Impact
Exploitation of this vulnerability allows for blind server-side request forgery, where an attacker can induce the server to make requests on their behalf. This could be used to probe internal services, trigger actions, or gather intelligence, although the attacker cannot see the response directly.
Remediation
Users can update to Vasion Print Virtual Appliance Host version 25.1.102 and Application version 25.1.1413 or later. For those using the Vasion Windows Client, an update to version 25.0.0.897 or later is recommended.
