Sign-up

ID

VAR-201805-0270


CVE

CVE-2018-10327


TITLE

PrinterOn Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-005111

DESCRIPTION

PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file. PrinterOn Contains information disclosure vulnerabilities and certificate / password management vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PrinterOn Enterprise is a set of secure cloud printing solutions from PrinterOn Canada. The solution supports printing from laptops, desktops, and mobile devices to connected printers. There is an information disclosure vulnerability in PrinterOn Enterprise 4.1.3, which stems from the fact that the program uses base64 encoding to store credentials

Trust: 1.71

sources: NVD: CVE-2018-10327 // JVNDB: JVNDB-2018-005111 // VULHUB: VHN-120075

AFFECTED PRODUCTS

vendor:printeronmodel:printeronscope:eqversion:4.1.3

Trust: 1.6

vendor:printeronmodel:printeronscope:eqversion:enterprise 4.1.3

Trust: 0.8

sources: JVNDB: JVNDB-2018-005111 // CNNVD: CNNVD-201805-521 // NVD: CVE-2018-10327

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10327
value: HIGH

Trust: 1.0

NVD: CVE-2018-10327
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201805-521
value: HIGH

Trust: 0.6

VULHUB: VHN-120075
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-10327
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-120075
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-10327
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-120075 // JVNDB: JVNDB-2018-005111 // CNNVD: CNNVD-201805-521 // NVD: CVE-2018-10327

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-120075 // JVNDB: JVNDB-2018-005111 // NVD: CVE-2018-10327

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201805-521

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201805-521

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005111

PATCH
title:PrinterOn Enterprise Editionurl:https://www.printeron.com/printing-software/enterprise-edition.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-005111

EXTERNAL IDS
db:NVDid:CVE-2018-10327
Trust: 2.5
db:JVNDBid:JVNDB-2018-005111
Trust: 0.8
db:CNNVDid:CNNVD-201805-521
Trust: 0.6
db:VULHUBid:VHN-120075
Trust: 0.1
sources:
            
            
            VULHUB: VHN-120075 // 
            
            
            
            JVNDB: JVNDB-2018-005111 // 
            
            
            
            CNNVD: CNNVD-201805-521 // 
            
            
            
            NVD: CVE-2018-10327

REFERENCES
url:https://github.com/bzyo/cve-pocs/tree/master/cve-2018-10327
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10327
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-10327
Trust: 0.8
sources:
            
            
            VULHUB: VHN-120075 // 
            
            
            
            JVNDB: JVNDB-2018-005111 // 
            
            
            
            CNNVD: CNNVD-201805-521 // 
            
            
            
            NVD: CVE-2018-10327

SOURCES
db:VULHUBid:VHN-120075
db:JVNDBid:JVNDB-2018-005111
db:CNNVDid:CNNVD-201805-521
db:NVDid:CVE-2018-10327

LAST UPDATE DATE
2024-11-23T23:12:08.467000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-120075date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-005111date:2018-07-06T00:00:00
db:CNNVDid:CNNVD-201805-521date:2019-10-23T00:00:00
db:NVDid:CVE-2018-10327date:2024-11-21T03:41:13.770

SOURCES RELEASE DATE
db:VULHUBid:VHN-120075date:2018-05-17T00:00:00
db:JVNDBid:JVNDB-2018-005111date:2018-07-06T00:00:00
db:CNNVDid:CNNVD-201805-521date:2018-05-17T00:00:00
db:NVDid:CVE-2018-10327date:2018-05-17T19:29:00.260