Lucene search
MitreCVE-2014-9003HistoryNov 20, 2014 - 1:55 p.m.
CVE-2014-9003
2014-11-2013:55:13
CWE-352
mitre
web.nvd.nist.gov
24
lantronix
xprintserver
csrf
vulnerability
remote
authentication
administrator
configuration
modification
hijacking
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
9.8
Confidence
High
EPSS
0.006
Percentile
78.4%
Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action.
Affected configurations
Node
lantronixxprintserverMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| lantronix | xprintserver | - | cpe:2.3:h:lantronix:xprintserver:-:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2014-9003
2014-11-20 11:00:00
nvd
nvd
CVE-2014-9003
2014-11-20 13:55:13
prion
prion
Cross site request forgery (csrf)
2014-11-20 13:55:00
cert
cert
Lantronix xPrintServer contains multiple vulnerabilities
2016-05-13 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
9.8
Confidence
High
EPSS
0.006
Percentile
78.4%
Related for CVE-2014-9003