[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [FD] Oce Colorwave 500 printer - multiple vulnerabilities
From:       Red Timmy Security <publications () redtimmy ! com>
Date:       2020-03-19 16:53:44
Message-ID: a0f6a40ec709af2dd9cfafc2a7199426 () redtimmy ! com
[Download RAW message or body]

Hi,
we have recently registered five CVE(s) affecting the Oce Colorwave 500 
printer.

CVE-2020-10669 is an authentication bypass allowing an attacker to 
access documents that have been uploaded to the printer. As the 
documents remain stored in the system even after they have been printed 
(depending on the printer's configuration), a malicious insider may be 
able to access documents printed in the past.

CVE-2020-10667 is a Stored XSS on the 
"/TemplateManager/indexExternalLocation.jsp" page.

CVE-2020-10668 and CVE-10670 are two Reflected XSS on pages "/home.jsp" 
and "/SettingsEditor/settingDialogContent.jsp".

Finally CVE-10671 is a system-wide CSRF due to the absence of any form 
of nonce or countermeasure protecting against Cross Site Request 
Forgery.

More details and full story here: 
https://www.redtimmy.com/red-teaming/hacking-the-oce-colorwave-printer-when-a-quick-security-assessment-determines-the-success-of-a-red-team-exercise/


regards

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


[prev in list] [next in list] [prev in thread] [next in thread]