CVE-2019-19832

{"id": "CVE-2019-19832", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-12-18T18:15:20.053", "references": [{"url": "http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C8035-Printer-Cross-Site-Request-Forgery.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/155709/Xerox-AltaLink-C8035-Printer-Cross-Site-Request-Forgery.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)"}, {"lang": "es", "value": "Las impresoras Xerox AltaLink C8035, permiten un ataque de tipo CSRF. Una petici\u00f3n para agregar usuarios es realizada en el campo de formulario Device User Database en el URI xerox.set. (El valor de frmUserName debe tener un nombre \u00fanico)."}], "lastModified": "2024-11-21T04:35:29.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xerox:altalink_c8035_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5F395F3-B066-479F-A8C2-ADEE1EE07FDA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xerox:altalink_c8035:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3214817D-E787-486D-A1B7-2606B923FF27"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}