CVE-2023-2508
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
The PaperCutNG Mobility Print version 1.0.3512 application allows an
unauthenticated attacker to perform a CSRF attack on an instance
administrator to configure the clients host (in the "configure printer
discovery" section). This is possible because the application has no
protections against CSRF attacks, like Anti-CSRF tokens, header origin
validation, samesite cookies, etc.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PaperCut MF/NG | Mobility Print | 1.0.3512 | affected |
Weaknesses
- CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
ADP Enrichment
CVE Program Container
Additional References
- https://fluidattacks.com/advisories/solveig/
- https://www.papercut.com/help/manuals/mobility-print/release-history/#mobility-print-server
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://fluidattacks.com/advisories/solveig/
- https://www.papercut.com/help/manuals/mobility-print/release-history/#mobility-print-server
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.