Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2020-10669 | CWE-352 | Unknown | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2020-03-20 |
CPE |
---|
cpe:cpe:/h:oce:colorwave500 |
# Exploit Title: Oc Colorwave 500 printer: Multiple vulnerabilities # Exploit Author: Giuseppe Cal, Marco Ortisi # Authors blog: https://www.redtimmy.com # Vendor Homepage: https://www.canon.com # Software Link: https://lfpp.csa.canon.com/tss/tss_product_detail.jsp?PRODUCT%3C%3Eprd_id=845524441910378&SKU%3C%3Esku_id=1689949372031068&FOLDER%3C%3Efolder_id=2534374302162637&bmUID=mpYkKHM # Version: 4.0.0.0 # CVE: 2020-10667, 2020-10668, 2020-10669, 2020-10670, 2020-10671 We have recently registered five CVE(s) affecting the Oce Colorwave 500 printer. CVE-2020-10669 is an authentication bypass allowing an attacker to access documents that have been uploaded to the printer. As the documents remain stored in the system even after they have been printed (depending on the printer's configuration), a malicious insider may be able to access documents printed in the past. CVE-2020-10667 is a Stored XSS on the /TemplateManager/indexExternalLocation.jsp page. CVE-2020-10668 and CVE-10670 are two Reflected XSS on pages /home.jsp and /SettingsEditor/settingDialogContent.jsp. Finally CVE-10671 is a system-wide CSRF due to the absence of any form of nonce or countermeasure protecting against Cross Site Request Forgery. More details and full story here: https://www.redtimmy.com/red-teaming/hacking-the-oce-colorwave-printer-when-a-quick-security-assessment-determines-the-success-of-a-red-team-exercise/
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.