CVE-2023-2508

The `PaperCutNG Mobility Print` version 1.0.3512 application allows an

unauthenticated attacker to perform a CSRF attack on an instance

administrator to configure the clients host (in the "configure printer

discovery" section). This is possible because the application has no

protections against CSRF attacks, like Anti-CSRF tokens, header origin

validation, samesite cookies, etc.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Fluid AttacksCNA
5.3 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
papercutmobility_print_server
1.0.3512
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fluidattacks.com/advisories/solveig/
https://www.papercut.com/help/manuals/mobility-print/release-history/#mobility-print-server
https://fluidattacks.com/advisories/solveig/
https://www.papercut.com/help/manuals/mobility-print/release-history/#mobility-print-server