Vulnerabilities > CVE-2022-25342 - Missing Authorization vulnerability in Olivetti D-Color Mf3555 Firmware 2Xds000.002.271

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
olivetti
CWE-862

Summary

An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Broken Access Control. It does not properly validate requests for access to data and functionality under the /mngset/authset path. By not verifying permissions for access to resources, it allows a potential attacker to view pages that are not allowed.

Vulnerable Configurations

Part Description Count
OS
Olivetti
1
Hardware
Olivetti
1

Common Weakness Enumeration (CWE)