CVE-2023-2508

Summary

The PaperCutNG Mobility Print version 1.0.3512 application allows an

unauthenticated attacker to perform a CSRF attack on an instance

administrator to configure the clients host (in the "configure printer

discovery" section). This is possible because the application has no

protections against CSRF attacks, like Anti-CSRF tokens, header origin

validation, samesite cookies, etc.

Affected Software

VendorProductVersion RangeStatus
PaperCut MF/NGMobility Print1.0.3512affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References