Lucene search

[email protected]CVE-2014-9003

HistoryNov 20, 2014 - 1:55 p.m.

CVE-2014-9003

2014-11-2013:55:13

CWE-352

[email protected]

web.nvd.nist.gov

lantronix

xprintserver

csrf

vulnerability

remote

authentication

administrator

configuration

modification

hijacking

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

JSON

Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action.

Affected configurations

NVD

Node

lantronixxprintserverMatch-

CPENameOperatorVersion
lantronix:xprintserverlantronix xprintservereq-

CPE	Name	Operator	Version
lantronix:xprintserver	lantronix xprintserver	eq	-

References

packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html

seclists.org/fulldisclosure/2014/Nov/24

exchange.xforce.ibmcloud.com/vulnerabilities/98645

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

JSON

Related for CVE-2014-9003

cvelist1 nvd1 prion1 cert1