VDB
CVE-2022-24497
CVE-2022-24497
PUBLISHED
In Xerox FreeFlow Print Server gibt es mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere ist der Server anfällig für die Schwachstelle "PRINTNIGHTMARE". Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, einen Cross-Site-Scripting-Angriff durchzuführen, Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen oder Dateien zu manipulieren.
EPSS 37.58% · 97.3th percentile
Risk Scores
EPSS Score
37.58%
97.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xerox | Xerox FreeFlow Print Server v2 | |
| Xerox | Xerox FreeFlow Print Server 9 |
Exploit Intelligence
- A Zeek detector for CVE-2022-24497. (github-poc)
- A Zeek detector for CVE-2022-24497. (github-poc)
- A Zeek detector for CVE-2022-24497. (github-poc)
- A Zeek detector for CVE-2022-24497. (github-poc)
- A Zeek detector for CVE-2022-24497. (github-poc)
- A Zeek detector for CVE-2022-24497. (github-poc)
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- CIRCL published-proof-of-concept: CVE-2022-24497 (circl-sighting)
- CIRCL exploited: CVE-2022-24497 (circl-sighting)
- CIRCL exploited: CVE-2022-24497 (circl-sighting)
…and 5 more exploits
Timeline
- Apr 12, 2022 CVE Published
- Apr 13, 2022 PoC Published
- Apr 13, 2022 PoC Published
- Apr 14, 2022 PoC Published
- Apr 14, 2022 PoC Published
- Apr 15, 2022 PoC Published
- Apr 16, 2022 EPSS Score
- Apr 21, 2022 PoC Published
- Apr 22, 2022 EPSS Score
- Apr 23, 2022 EPSS Score
- Sep 9, 2022 PoC Published
- Mar 7, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0838.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0838 advisory
- https://security.business.xerox.com/wp-content/uploads/2023/04/Xerox-Security-Bulletin-XRX23-005-Xerox%25C2%25AE-FreeFlow%25C2%25AE-Print-Server-v9.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2022/05/Xerox-Security-Bulletin-XRX22-010-FreeFlowPrint-Server-v2-Windows10.pdf advisory