PaperCut NG Mobility Print 1.0.3512 has been found to contain a cross-site request forgery (CSRF) vulnerability that can be leveraged for convincing phishing attacks.
The vulnerability exists because the application lacks standard CSRF defenses such as anti-CSRF tokens, Origin/Referer header validation and SameSite cookie attributes.
A Cross-Site Request Forgery (CSRF) attack tricks an authenticated user's browser into sending requests to a web application the user is already authorized to use. CSRF attacks take advantage of the trust a web application places in a logged-in user's session, since the application cannot tell whether the user intended the request or a third-party page triggered it.
Details of the Vulnerability
The vulnerability is tracked as CVE-2023-2508 with a CVSS base score of 5.3.
According to the Fluid Attacks advisory, an unauthenticated attacker can mount a CSRF attack against an instance administrator of PaperCut NG Mobility Print 1.0.3512 to change the configured client host.
When the administrator later sends users the link with which they set up their client and log in, that link now points at an attacker-controlled site that impersonates the PaperCut NG login page and harvests their credentials.
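The following is an added example (not PaperCut's code, nor from the Fluid Attacks advisory) that models the flaw class described above in a toy admin console: a setting that feeds the setup link sent to users, a handler that trusts the session cookie alone, and a hardened handler that adds an Origin check and a per-session anti-CSRF token. It also shows why a SameSite cookie attribute alone would have blocked the cross-site POST. The endpoint path, parameter names, hostnames and port are hypothetical.

```python
# Added example (not PaperCut's code): a toy admin console that models the
# flaw class in the advisory. The endpoint, parameter and host names are
# hypothetical; 9163 is used only as an illustrative port.
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    cookies: dict
    form: dict


@dataclass
class Session:
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


def same_origin(url, expected):
    a, b = urlparse(url), urlparse(expected)
    return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)


class AdminConsole:
    """The 'client host' setting feeds the setup link admins send to users,
    so whoever controls it controls where those users are sent."""
    SELF_ORIGIN = "https://print.example.internal:9163"  # hypothetical

    def __init__(self):
        self.sessions = {}
        self.client_host = "print.example.internal"

    def login(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = Session(user)
        return sid

    def setup_link(self):
        return f"http://{self.client_host}:9163/client-setup"

    # Vulnerable: a valid session cookie is the only check, so any page the
    # admin visits can change the setting through the admin's browser.
    def set_client_host_vulnerable(self, req):
        if req.cookies.get("sid") not in self.sessions:
            return 401
        self.client_host = req.form["host"]
        return 200

    # Hardened: same-origin check plus a per-session anti-CSRF token.
    def set_client_host_hardened(self, req):
        sess = self.sessions.get(req.cookies.get("sid"))
        if sess is None:
            return 401
        if req.method != "POST":
            return 405
        origin = req.headers.get("Origin") or req.headers.get("Referer")
        if origin is None or not same_origin(origin, self.SELF_ORIGIN):
            return 403  # cross-site sender
        token = req.form.get("csrf_token", "")
        if not hmac.compare_digest(token, sess.csrf_token):
            return 403  # attacker cannot read the session-bound token
        self.client_host = req.form["host"]
        return 200


def cross_site_post(server, handler, sid, attacker_host, cookie_samesite=None):
    """Models the admin's browser auto-submitting a hidden form hosted on
    https://attacker.example. A cookie issued with SameSite=Lax or Strict is
    not attached to a cross-site POST; one with no SameSite attribute is."""
    cookies = {} if cookie_samesite in ("Lax", "Strict") else {"sid": sid}
    req = Request("POST", "/admin/client-host",  # hypothetical endpoint
                  headers={"Origin": "https://attacker.example"},
                  cookies=cookies,
                  form={"host": attacker_host})  # attacker has no csrf_token
    return getattr(server, handler)(req)


def demo():
    results = {}
    # 1. Vulnerable handler, cookie without SameSite: the forged request is
    #    accepted and the setup link now points at the attacker's host.
    srv = AdminConsole()
    sid = srv.login("admin")
    results["vuln_status"] = cross_site_post(srv, "set_client_host_vulnerable", sid, "attacker.example")
    results["vuln_link"] = srv.setup_link()
    # 2. Same handler, but the cookie carried SameSite=Lax: the browser
    #    withholds it, so the forged request arrives unauthenticated.
    srv2 = AdminConsole()
    sid2 = srv2.login("admin")
    results["samesite_status"] = cross_site_post(srv2, "set_client_host_vulnerable", sid2, "attacker.example", "Lax")
    # 3. Hardened handler rejects the forged request but accepts a genuine
    #    same-origin change that carries the session's token.
    srv3 = AdminConsole()
    sid3 = srv3.login("admin")
    results["hard_status"] = cross_site_post(srv3, "set_client_host_hardened", sid3, "attacker.example")
    legit = Request("POST", "/admin/client-host",
                    headers={"Origin": AdminConsole.SELF_ORIGIN},
                    cookies={"sid": sid3},
                    form={"host": "print2.example.internal",
                          "csrf_token": srv3.sessions[sid3].csrf_token})
    results["legit_status"] = srv3.set_client_host_hardened(legit)
    results["legit_link"] = srv3.setup_link()
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The three defenses are layered deliberately: the Origin/Referer check stops the forged request at the door, the token stops it even if a proxy strips those headers, and the SameSite attribute stops the cookie from ever leaving the browser for a cross-site POST. Any one of them would have turned the attacker's hidden form into a request the console rejects.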
Exploitation requires user interaction: the administrator must visit the attacker's page while logged in to the Mobility Print administration interface. No patch was available when the advisory first appeared.
PaperCut has since addressed the vulnerability in version 1.0.3617. Users are strongly advised to update to that release to keep their systems protected.