6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.4%
The PaperCutNG Mobility Print
version 1.0.3512 application allows an
unauthenticated attacker to perform a CSRF attack on an instance
administrator to configure the clients host (in the "configure printer
discovery" section). This is possible because the application has no
protections against CSRF attacks, like Anti-CSRF tokens, header origin
validation, samesite cookies, etc.
CPE | Name | Operator | Version |
---|---|---|---|
papercut:mobility_print_server | papercut mobility print server | eq | 1.0.3512 |
[
{
"defaultStatus": "unaffected",
"product": "Mobility Print",
"vendor": "PaperCut MF/NG",
"versions": [
{
"status": "affected",
"version": " 1.0.3512"
}
]
}
]
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.4%