exploitDog

CVE-2019-13170

Опубликовано: 13 мар. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.

Ссылки

https://security.business.xerox.com/
Vendor Advisory
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/
Third Party Advisory
https://security.business.xerox.com/
Vendor Advisory
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:xerox:phaser_3320_firmware:v53.006.16.000:*:*:*:*:*:*:*

cpe:2.3:h:xerox:phaser_3320:-:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00165

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-4v5h-xfpr-xr45

github

больше 3 лет назад

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.

EPSS

Процентиль: 38%

0.00165

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352