Description
The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.printing.ne.jp/support/information/AppVulnerability.html
Third Party Advisory x_refsource_misc
http://jvn.jp/en/jp/JVN66435380/index.html
Scores
CVSS v3
7.4
EPSS
0.0052
EPSS Percentile
40.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-295
Status
published
Products (1)
fujixerox/netprint
< 3.2.3
Published
Jan 27, 2020
Tracked Since
Feb 18, 2026