Vasion Print Blind Server-Side Request Forgery Vulnerability via Lexmark dellCheck.php Script

A blind server-side request forgery (SSRF) vulnerability has been identified in Vasion Print Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413, specifically in VA/SaaS deployments. The vulnerability is accessible through the /var/www/app/console_release/lexmark/dellCheck.php script, where an unauthenticated user can exploit it. When a printer is registered, the software saves the printer's host name, which is then used to build a URL that is requested via curl. The vulnerability arises because no validation or filtering is applied before the request is made, allowing an attacker to probe internal services or trigger internal actions without direct visibility of the response.

Impact

Exploitation of this vulnerability could allow an attacker to probe internal services, trigger internal actions, or gather intelligence from the targeted system.

Remediation

Users can update to Vasion Print Virtual Appliance Host version 25.1.102 and Application version 25.1.1413 or later. For instructions on updating the Vasion Windows Client, refer to the 'Client Updates' topic.