Cross-Site Request Forgery Vulnerability in Xerox Printers
CVE-2019-13170

6.5 MEDIUM

Key Information:

Vendor: Xerox
CVE Published: 13 March 2020

Summary

Certain Xerox printers, including the Phaser 3320, lack adequate protections against Cross-Site Request Forgery (CSRF) attacks. Because the device does not use CSRF tokens, an attacker can potentially cause unauthorized actions and take over local accounts on the device. Organizations using affected Xerox printers are at risk and should implement security measures to mitigate this vulnerability.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
