Cross-site request forgery - CVE-2018-4300,CVE-2018-4700
Published: December 13, 2018 / Updated: August 6, 2019
Vulnerability identifier: #VU16519
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-4300,CVE-2018-4700
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a remote attacker to perform CSRF attack.
The weakness exists in the CUPS printing server due to insufficient CSRF protections. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.
The weakness exists in the CUPS printing server due to insufficient CSRF protections. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.
How to mitigate CVE-2018-4300,CVE-2018-4700
Install updates from vendor's website.