VDB
CVE-2022-24521
CVE-2022-24521
PUBLISHED
KEV
In Xerox FreeFlow Print Server gibt es mehrere Schwachstellen in verschiedenen Komponenten. Insbesondere ist der Server anfällig für die Schwachstelle "PRINTNIGHTMARE". Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, einen Cross-Site-Scripting-Angriff durchzuführen, Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen oder Dateien zu manipulieren.
EPSS 7.63% · 92.0th percentile
Risk Scores
EPSS Score
7.63%
92.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xerox | Xerox FreeFlow Print Server 9 | |
| Xerox | Xerox FreeFlow Print Server v2 |
Exploit Intelligence
- CVE-2022-24521 poc (github-poc-repo)
- CVE-2022-24521 poc (github-poc-repo)
- CVE-2022-24521 poc (github-poc-repo)
- CVE-2022-24521 poc (github-poc-repo)
- CVE-2022-24521 poc (github-poc-repo)
- CVE-2022-24521 poc (github-poc-repo)
- CVE-2022-24521 poc (github-poc-repo)
- CVE-2022-24521 poc (github-poc-repo)
- CVE-2022-24521 poc (github-poc)
- CVE-2022-24521 poc (github-poc)
…and 49 more exploits
Timeline
- Apr 12, 2022 PoC Published
- Apr 12, 2022 CVE Published
- Apr 13, 2022 CISA KEV Added
- Apr 16, 2022 EPSS Score
- Jul 26, 2022 EPSS Score
- Sep 14, 2022 EPSS Score
- Dec 24, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 12, 2023 EPSS Score
- Oct 21, 2023 EPSS Score
- Jan 29, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0838.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0838 advisory
- https://security.business.xerox.com/wp-content/uploads/2023/04/Xerox-Security-Bulletin-XRX23-005-Xerox%25C2%25AE-FreeFlow%25C2%25AE-Print-Server-v9.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2022/05/Xerox-Security-Bulletin-XRX22-010-FreeFlowPrint-Server-v2-Windows10.pdf advisory