CVE-2024-5420 Scanner

CVE-2024-5420 scanner - Cross-Site Scripting vulnerability in SEH utnserver Pro/ProMAX/INU-100

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 29 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -

The SEH utnserver Pro, ProMAX, and INU-100 are devices widely used in network environments for managing printing tasks. Developed for professionals in the IT and telecommunications sectors, these devices provide efficient print server capabilities. Users depend on them for streamlined workflows and device management. However, vulnerabilities in these systems can expose sensitive information and compromise network security. Regular security assessments are crucial for maintaining the integrity of these devices.

The Cross-Site Scripting (XSS) vulnerability in SEH utnserver Pro allows attackers to inject malicious JavaScript code through the device description parameter. This can be exploited remotely, putting users at risk of session hijacking. Attackers can trick users into visiting a malicious link, leading to potential data theft. This vulnerability poses a significant threat to the security of users and their data.

The vulnerable endpoint is located at /device/description_en.html, where an attacker can send a POST request with a malicious payload in the sys_name parameter. The parameter is not properly sanitized, allowing the injection of a script tag. Successful exploitation results in the execution of arbitrary JavaScript in the context of the user's session. This can lead to unauthorized access to sensitive information and user accounts. The vulnerability affects devices running version 20.1.22 and earlier.
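For defenders reviewing traffic to these devices, the following added example (not part of the scanner or of SEH's firmware) flags logged POST requests to the endpoint above whose sys_name value carries markup, including double-encoded values, and shows the HTML-escaped form in which the value would be safe to render. It assumes a proxy or WAF that records form bodies; the sample records are constructed.

```python
import html
import re
from urllib.parse import parse_qs, unquote

ENDPOINT = "/device/description_en.html"   # path named on this page
PARAM = "sys_name"                         # parameter named on this page

# Heuristic only: characters and tokens that can start markup or a script URL.
MARKUP = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def review_request(method, path, body):
    """Return findings for one logged request; empty list if out of scope or clean."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return []
    findings = []
    for raw in parse_qs(body, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)
        if MARKUP.search(value):
            # html.escape shows the form in which the value is safe to render.
            findings.append((value, html.escape(value, quote=True)))
    return findings


# Constructed sample records (method, path, form body); not taken from a real device.
SAMPLE_LOG = [
    ("POST", ENDPOINT, "sys_name=Print+server+floor+2"),
    ("POST", ENDPOINT, "sys_name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    ("POST", ENDPOINT, "sys_name=%253Cimg+src%253Dx%253E"),
    ("GET", ENDPOINT, ""),
]


def scan(log):
    """Return indexes of records whose sys_name value carries markup."""
    return [i for i, rec in enumerate(log) if review_request(*rec)]


if __name__ == "__main__":
    for i in scan(SAMPLE_LOG):
        print(i, review_request(*SAMPLE_LOG[i]))
```

A hit is a reason to inspect the device's stored description and confirm its firmware is newer than 20.1.22; the pattern is a heuristic and will not catch every encoding.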

If exploited, this vulnerability can allow attackers to hijack user sessions, leading to unauthorized access to sensitive information. They can manipulate user accounts and perform actions as the victim, potentially resulting in data breaches. Users may unknowingly expose their credentials or personal data. Additionally, it could disrupt the functionality of the device, affecting overall network operations.
