
CVE-2025-34197

Published 19/09/2025 19:15 · Modified 19/09/2025 19:15

Labels: CVE-2025-34197, 2025-09-19, CWE-798, [email protected]

Essential information

Published: 19/09/2025 19:15
Modified: 19/09/2025 19:15
CVSS: 8.6 HIGH (v3), 8.6 HIGH (v4.0)
CISA KEV: No
CWE: CWE-798


Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges (ubuntu ALL=(ALL) NOPASSWD: ALL). Anyone who knows the hardcoded password can obtain root privileges via local console or equivalent administrative access, enabling local privilege escalation. NOTE: The patch for this vulnerability is reported to be incomplete: /etc/shadow was remediated but /etc/sudoers remains vulnerable.

NVD status

Status: Received (CVE has been recently published to the CVE List and has been received by the NVD).
Source: [email protected]

Affected products (CPE)

Product | CPE
vasion print / virtual appliance host | cpe:2.3:a:vasion_print:virtual_appliance_host:<22.0.951:*:*:*:*:*:*:*
vasion print / application | cpe:2.3:a:vasion_print:application:<20.0.2368:*:*:*:*:*:*:*
