Vulnerability Details : CVE-2023-2508
The `PaperCutNG Mobility Print` version 1.0.3512 application allows an
unauthenticated attacker to perform a CSRF attack on an instance
administrator to configure the clients host (in the "configure printer
discovery" section). This is possible because the application has no
protections against CSRF attacks, such as anti-CSRF tokens, Origin header
validation, SameSite cookies, etc.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2023-2508
- cpe:2.3:a:papercut:mobility_print_server:1.0.3512:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-2508
- 0.09%: probability of exploitation activity in the next 30 days
- ~ 41%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-2508
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N | 1.6 | 3.6 | Fluid Attacks | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2023-2508
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
  Assigned by:
  - help@fluidattacks.com (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2023-2508
- https://fluidattacks.com/advisories/solveig/
  CSRF in PaperCutNG Mobility Print leads to sophisticated phishing | Advisories | Fluid Attacks (Exploit; Third Party Advisory)
- https://www.papercut.com/help/manuals/mobility-print/release-history/#mobility-print-server
  Mobility Print release history | PaperCut (Release Notes)