CVE-2023-2508
MEDIUM 5.3
Description
The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, such as anti-CSRF tokens, Origin header validation, SameSite cookies, etc.
CVE Details
CVSS v3.1 score: 5.3
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack vector: NETWORK
Complexity: HIGH
Privileges required: NONE
User interaction: REQUIRED
Published: 9/20/2023
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
apple:macos
papercut:mobility_print_server
Weaknesses (CWE)
CWE-352
References
https://fluidattacks.com/advisories/solveig/ (help@fluidattacks.com)
https://www.papercut.com/help/manuals/mobility-print/release-history/#mobility-print-server (help@fluidattacks.com)
https://fluidattacks.com/advisories/solveig/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.papercut.com/help/manuals/mobility-print/release-history/#mobility-print-server (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.