CVE-2014-9003

MEDIUM(6.8)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Risk Signal Score17/100 — NIEDRIG

CVSS 6.8 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.8

Technische Schwere

Beschreibung

Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action.

Referenzen

http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Comman...
http://seclists.org/fulldisclosure/2014/Nov/24
https://exchange.xforce.ibmcloud.com/vulnerabilities/98645
http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Comman...
http://seclists.org/fulldisclosure/2014/Nov/24
https://exchange.xforce.ibmcloud.com/vulnerabilities/98645