Sign-up

ID

VAR-201812-1071


CVE

CVE-2018-19936


TITLE

PrinterOn Enterprise Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012952

DESCRIPTION

PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. PrinterOn Enterprise Contains an input validation vulnerability.Information may be tampered with. PrinterOn Enterprise is a set of secure cloud printing solutions from PrinterOn Canada. The solution supports printing from laptops, desktops, and mobile devices to connected printers. A security vulnerability exists in PrinterOn Enterprise version 4.1.4 due to the fact that the program does not properly check the entered URI. An attacker could exploit this vulnerability to delete arbitrary files on the host system

Trust: 1.71

sources: NVD: CVE-2018-19936 // JVNDB: JVNDB-2018-012952 // VULHUB: VHN-130645

AFFECTED PRODUCTS

vendor:printeronmodel:printeronscope:eqversion:4.1.4

Trust: 1.6

vendor:printeronmodel:printeronscope:eqversion:enterprise 4.1.4

Trust: 0.8

sources: JVNDB: JVNDB-2018-012952 // CNNVD: CNNVD-201812-635 // NVD: CVE-2018-19936

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-19936
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-19936
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201812-635
value: MEDIUM

Trust: 0.6

VULHUB: VHN-130645
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-19936
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-130645
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-19936
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-130645 // JVNDB: JVNDB-2018-012952 // CNNVD: CNNVD-201812-635 // NVD: CVE-2018-19936

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-130645 // JVNDB: JVNDB-2018-012952 // NVD: CVE-2018-19936

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-635

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201812-635

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012952

PATCH
title:PrinterOn Enterprise Editionurl:https://www.printeron.com/printing-software/enterprise-edition.html
Trust: 0.8
title:PrinterOn Enterprise Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87877
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-012952 // 
            
            
            
            CNNVD: CNNVD-201812-635

EXTERNAL IDS
db:NVDid:CVE-2018-19936
Trust: 2.5
db:PACKETSTORMid:150750
Trust: 2.5
db:EXPLOIT-DBid:45969
Trust: 1.7
db:JVNDBid:JVNDB-2018-012952
Trust: 0.8
db:CNNVDid:CNNVD-201812-635
Trust: 0.7
db:VULHUBid:VHN-130645
Trust: 0.1
sources:
            
            
            VULHUB: VHN-130645 // 
            
            
            
            JVNDB: JVNDB-2018-012952 // 
            
            
            
            CNNVD: CNNVD-201812-635 // 
            
            
            
            NVD: CVE-2018-19936

REFERENCES
url:http://packetstormsecurity.com/files/150750/printeron-enterprise-4.1.4-arbitrary-file-deletion.html
Trust: 2.5
url:https://www.exploit-db.com/exploits/45969
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19936
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19936
Trust: 0.8
sources:
            
            
            VULHUB: VHN-130645 // 
            
            
            
            JVNDB: JVNDB-2018-012952 // 
            
            
            
            CNNVD: CNNVD-201812-635 // 
            
            
            
            NVD: CVE-2018-19936

SOURCES
db:VULHUBid:VHN-130645
db:JVNDBid:JVNDB-2018-012952
db:CNNVDid:CNNVD-201812-635
db:NVDid:CVE-2018-19936

LAST UPDATE DATE
2024-11-23T22:51:53.420000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-130645date:2019-01-04T00:00:00
db:JVNDBid:JVNDB-2018-012952date:2019-02-12T00:00:00
db:CNNVDid:CNNVD-201812-635date:2018-12-18T00:00:00
db:NVDid:CVE-2018-19936date:2024-11-21T03:58:50.723

SOURCES RELEASE DATE
db:VULHUBid:VHN-130645date:2018-12-17T00:00:00
db:JVNDBid:JVNDB-2018-012952date:2019-02-12T00:00:00
db:CNNVDid:CNNVD-201812-635date:2018-12-13T00:00:00
db:NVDid:CVE-2018-19936date:2018-12-17T19:29:00.860