PTC Vuforia Studio Cross-Site Request Forgery
CVE-2023-31200

8HIGH

Key Information:

Vendor: PTC
Status: Vuforia Studio
Vendor: CVE Published:; 7 June 2023

What is CVE-2023-31200?

A security flaw in PTC Vuforia Studio arises from the lack of token requirement, permitting an attacker with local access to leverage this weakness for executing cross-site request forgery (CSRF) attacks or replay attacks. This opens the door for potential unauthorized actions being performed within user sessions, emphasizing the need for strict access controls and token validation to safeguard against such vulnerabilities.

Affected Version(s)

Vuforia Studio 0 < 9.9

References

https://https://www.cisa.gov/news-events/ics-advisories/i...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
Apr 24, 2023

Credit

Lockheed Martin—Red Team reported these vulnerabilities to PTC.