← Back to CVEs
CVE-2023-2508
MEDIUM5.3
Description
The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc.
CVE Details
CVSS v3.1 Score5.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionREQUIRED
Published9/20/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
apple:macospapercut:mobility_print_server
Weaknesses (CWE)
CWE-352CWE-352
References
https://fluidattacks.com/advisories/solveig/(help@fluidattacks.com)
https://www.papercut.com/help/manuals/mobility-print/release-history/#mobility-print-server(help@fluidattacks.com)
https://fluidattacks.com/advisories/solveig/(af854a3a-2127-422b-91ae-364da2661108)
https://www.papercut.com/help/manuals/mobility-print/release-history/#mobility-print-server(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.