CVE-2014-2659

Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.papercut.com/release-history/
http://secunia.com/advisories/58037	Vendor Advisory
http://www.papercut-mf.com/release-history/
https://exchange.xforce.ibmcloud.com/vulnerabilities/92648

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:papercut:papercut_mf::::::::
	cpe:2.3:a:papercut:papercut_ng::::::::
	cpe:2.3:a:papercut:papercut_mf:13.3:::::::*
	cpe:2.3:a:papercut:papercut_ng:13.3:::::::*
	cpe:2.3:a:papercut:papercut_mf:13.2:::::::*
	cpe:2.3:a:papercut:papercut_mf:12.4:::::::*
	cpe:2.3:a:papercut:papercut_mf:12.3:::::::*
	cpe:2.3:a:papercut:papercut_ng:12.2:::::::*
	cpe:2.3:a:papercut:papercut_ng:12.1:::::::*
	cpe:2.3:a:papercut:papercut_ng:13.5:::::::*
	cpe:2.3:a:papercut:papercut_mf:13.5:::::::*
	cpe:2.3:a:papercut:papercut_ng:12.5:::::::*
	cpe:2.3:a:papercut:papercut_ng:13.2:::::::*
	cpe:2.3:a:papercut:papercut_mf:12.2:::::::*
	cpe:2.3:a:papercut:papercut_mf:12.0:::::::*
	cpe:2.3:a:papercut:papercut_ng:12.0:::::::*
	cpe:2.3:a:papercut:papercut_mf:12.1:::::::*
	cpe:2.3:a:papercut:papercut_mf:12.5:::::::*
	cpe:2.3:a:papercut:papercut_ng:13.4:::::::*
	cpe:2.3:a:papercut:papercut_mf:13.0:::::::*
	cpe:2.3:a:papercut:papercut_ng:13.0:::::::*
	cpe:2.3:a:papercut:papercut_ng:12.3:::::::*
	cpe:2.3:a:papercut:papercut_ng:13.1:::::::*
	cpe:2.3:a:papercut:papercut_ng:14.0:::::::*
	cpe:2.3:a:papercut:papercut_mf:13.4:::::::*
	cpe:2.3:a:papercut:papercut_mf:14.0:::::::*
	cpe:2.3:a:papercut:papercut_mf:13.1:::::::*
	cpe:2.3:a:papercut:papercut_ng:12.4:::::::*

Information

Published : 2014-04-22 07:23

Updated : 2017-08-28 18:34

NVD link : CVE-2014-2659

Mitre link : CVE-2014-2659

JSON object : View

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

Products Affected

papercut

papercut_mf
papercut_ng

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.papercut.com/release-history/", "name": "http://www.papercut.com/release-history/", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/58037", "name": "58037", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.papercut-mf.com/release-history/", "name": "http://www.papercut-mf.com/release-history/", "tags": [], "refsource": "CONFIRM"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92648", "name": "papercut-cve20142659-csrf(92648)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-352"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-2659", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2014-04-22T14:23Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "14.1"}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "14.1"}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_mf:13.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_ng:13.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_mf:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_mf:12.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_mf:12.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_ng:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_ng:12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_ng:13.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_mf:13.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_ng:12.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_ng:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_mf:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_mf:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_ng:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_mf:12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_mf:12.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_ng:13.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_mf:13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_ng:13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_ng:12.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_ng:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_ng:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_mf:13.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_mf:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_mf:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:papercut:papercut_ng:12.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:34Z"}

6.8 /10