CVE-2018-17169 - OpenCVE

An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Printeron	Printeron

Configuration 1 [-]

cpe:2.3:a:printeron:printeron:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17169-XXE-PrinterON	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-04-23T13:34:01

Updated: 2019-04-23T13:34:01

Reserved: 2018-09-18T00:00:00

Link: CVE-2018-17169

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-04-23T14:29:00.243

Modified: 2019-04-30T13:48:59.717

Link: CVE-2018-17169

JSON object: View

Redhat Information

No data.

CWE

CWE-611

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:printeron:printeron:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D6FD40F-B46C-473C-8E0F-34653F58B2B6", "versionEndIncluding": "4.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request."}, {"lang": "es", "value": "Una vulnerabilidad de entidad externa XML (XXE) en PrinterOn versi\u00f3n 4.1.4 y versiones posteriores permite a los usuarios autenticados remotos leer archivos arbitrarios o realizar ataques de falsificaci\u00f3n de solicitud del lado del servidor (SSRF) a trav\u00e9s de un DTD elaborado en una solicitud XML."}], "id": "CVE-2018-17169", "lastModified": "2019-04-30T13:48:59.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-23T14:29:00.243", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17169-XXE-PrinterON"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}