Home

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the following options: `UserKnownHostsFile=/dev/null`, `StrictHostKeyChecking=no`, and `ForwardAgent yes`. These settings disable verification of the remote host’s SSH key and automatically forward the developer’s SSH‑agent to any host that matches the configured wildcard patterns. As a result, an attacker who can reach a single compromised container can cause the container to connect to a malicious SSH server, capture the forwarded private keys, and use those keys for unrestricted lateral movement across the environment.

PUBLISHED Reserved 2025-04-15 | Published 2025-09-29 | Updated 2025-09-30 | Assigner VulnCheck




HIGH: 7.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L

Problem types

CWE-522 Insufficiently Protected Credentials

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unaffected

* before 22.0.1049
affected

Default status
unaffected

* before 20.0.2786
affected

Credits

Pierre Barre finder

References

pierrekim.github.io/...-printerlogic-83-vulnerabilities.html technical-description

help.printerlogic.com/...int/Security/Security-Bulletins.htm vendor-advisory patch

help.printerlogic.com/...int/Security/Security-Bulletins.htm vendor-advisory patch

www.vulncheck.com/...printerlogic-insecure-ssh-client-config third-party-advisory

cve.org (CVE-2025-34207)

nvd.nist.gov (CVE-2025-34207)

Download JSON