CVE-2023-51654

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Dec 26, 2023 / Updated: 10mo ago

CVSS 5.5 / EPSS 0.04% / Medium

Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the PC.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

CVE Assignment
NVD published the first details for CVE-2023-51654
Dec 25, 2023 at 10:15 PM

First Article
Feedly found the first article mentioning CVE-2023-51654.
Dec 26, 2023 at 6:04 AM / CVE

CVSS Estimate
Feedly estimated the CVSS score as MEDIUM
Dec 26, 2023 at 6:04 AM

EPSS
EPSS Score was set to: 0.04% (Percentile: 6.9%)
Jan 3, 2024 at 5:45 PM

Affected Systems

Brother/iprint&scan

Links to MITRE ATT&CK

T1547.009: Shortcut Modification

Attack Patterns

CAPEC-132: Symlink Attack

News

Denial of service in Brother iPrint&Scan Desktop for Windows
The vulnerability allows a local user to perform a denial of service (DoS) attack. The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

CVE-2023-51654
Medium Severity. Description: Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the PC. Read more at https://www.tenable.com/cve/CVE-2023-51654

NA - CVE-2023-51654 - Improper link resolution before file access...
Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause...

CVE-2023-51654
Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the PC. CVE-2023-51654 originally published on CyberSecurityBoard

Brother iPrint&Scan Desktop for Windows denial of service | CVE-2023-51654
Brother iPrint&Scan Desktop for Windows denial of service Brother iPrint&Scan Desktop for Windows is vulnerable to a denial of service, caused by improper link resolution before file access.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability Impact: High
