CSRF in PaperCutNG Mobility Print leads to sophisticated phishing
CVE-2023-2508

5.3MEDIUM

Key Information:

Vendor
Papercut Mf/ng
Status
Mobility Print
Vendor
CVE Published:
20 September 2023

Summary

The PaperCutNG Mobility Print version 1.0.3512 application allows an

unauthenticated attacker to perform a CSRF attack on an instance

administrator to configure the clients host (in the "configure printer

discovery" section). This is possible because the application has no

protections against CSRF attacks, like Anti-CSRF tokens, header origin

validation, samesite cookies, etc.

Affected Version(s)

Mobility Print 1.0.3512

References

https://fluidattacks.com/advisories/solveig/
https://www.papercut.com/help/manuals/mobility-print/rele...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-2508 : CSRF in PaperCutNG Mobility Print leads to sophisticated phishing | SecurityVulnerability.io