PT-2020-17062 · Epson · Epson Eps Tse Server 8

Published

2020-12-16

Updated

2020-12-17

CVE-2020-28931

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions EPSON EPS TSE Server 8 version 21.0.11

Description The issue is related to the lack of an anti-CSRF token in the administrative interface, allowing an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website.

Recommendations For EPSON EPS TSE Server 8 version 21.0.11, consider implementing an anti-CSRF token in the administrative interface to prevent unauthorized requests. As a temporary workaround, restrict access to the administrative interface to minimize the risk of exploitation.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2020-28931

Affected Products

Epson Eps Tse Server 8

PT-2020-17062 · Epson · Epson Eps Tse Server 8

CVE-2020-28931

Weakness Enumeration

Related Identifiers

Affected Products

References · 6