CVE-2018-17168 - OpenCVE

PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc).

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Printeron	Printeron

Configuration 1 [-]

cpe:2.3:a:printeron:printeron:4.1.4:*:*:*:enterprise:*:*:*

References

Link	Resource
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17168-CSRF-PrinterON	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-04-18T16:36:51

Updated: 2019-04-18T16:36:51

Reserved: 2018-09-18T00:00:00

Link: CVE-2018-17168

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-04-18T17:29:00.353

Modified: 2019-04-19T17:32:29.673

Link: CVE-2018-17168

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:printeron:printeron:4.1.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "EF15BCEE-A69E-4C53-B995-17261A63EAA4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc)."}, {"lang": "es", "value": "Fue encontrada una Vulnerabilidad en PrinterOn Enterprise versi\u00f3n 4.1.4 contiene varias vulnerabilidades de tipo cross-site request forgery (CSRF) en la p\u00e1gina Administration. Por ejemplo, un administrador, siguiendo un enlace, puede ser enga\u00f1ado para hacer cambios no deseados a una impresora (deshabilitar, aprobar, etc.)."}], "id": "CVE-2018-17168", "lastModified": "2019-04-19T17:32:29.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-18T17:29:00.353", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17168-CSRF-PrinterON"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}