ID

VAR-201904-0640


CVE

CVE-2018-17168


TITLE

PrinterOn Enterprise vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2018-015285

DESCRIPTION

PrinterOn Enterprise 4.1.4 contains multiple Cross-Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator who follows a link can be tricked into making unwanted changes to a printer (Disable, Approve, etc.). PrinterOn Enterprise is a set of secure cloud printing solutions from PrinterOn Canada. The solution supports printing from laptops, desktops, and mobile devices to connected printers. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client.

Trust: 1.71

sources: NVD: CVE-2018-17168 // JVNDB: JVNDB-2018-015285 // VULHUB: VHN-127600

AFFECTED PRODUCTS

vendor: printeron, model: printeron, scope: eq, version: 4.1.4

Trust: 1.0

vendor: printeron, model: printeron, scope: eq, version: enterprise 4.1.4

Trust: 0.8

sources: JVNDB: JVNDB-2018-015285 // NVD: CVE-2018-17168

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17168
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-17168
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-892
value: MEDIUM

Trust: 0.6

VULHUB: VHN-127600
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-17168
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-127600
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-17168
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-127600 // JVNDB: JVNDB-2018-015285 // CNNVD: CNNVD-201904-892 // NVD: CVE-2018-17168

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-127600 // JVNDB: JVNDB-2018-015285 // NVD: CVE-2018-17168

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-892

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201904-892

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015285

PATCH

title: PrinterOn Enterprise Edition, url: https://www.printeron.com/printing-software/enterprise-edition.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-015285

EXTERNAL IDS

db: NVD, id: CVE-2018-17168

Trust: 2.5

db: JVNDB, id: JVNDB-2018-015285

Trust: 0.8

db: CNNVD, id: CNNVD-201904-892

Trust: 0.7

db: VULHUB, id: VHN-127600

Trust: 0.1

sources: VULHUB: VHN-127600 // JVNDB: JVNDB-2018-015285 // CNNVD: CNNVD-201904-892 // NVD: CVE-2018-17168

REFERENCES

url: https://github.com/drunkenshells/disclosures/tree/master/cve-2018-17168-csrf-printeron

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2018-17168

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17168

Trust: 0.8

sources: VULHUB: VHN-127600 // JVNDB: JVNDB-2018-015285 // CNNVD: CNNVD-201904-892 // NVD: CVE-2018-17168

SOURCES

db: VULHUB, id: VHN-127600
db: JVNDB, id: JVNDB-2018-015285
db: CNNVD, id: CNNVD-201904-892
db: NVD, id: CVE-2018-17168

LAST UPDATE DATE

2024-11-23T23:04:48.152000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-127600, date: 2019-04-19T00:00:00
db: JVNDB, id: JVNDB-2018-015285, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-892, date: 2019-04-22T00:00:00
db: NVD, id: CVE-2018-17168, date: 2024-11-21T03:53:59.793

SOURCES RELEASE DATE

db: VULHUB, id: VHN-127600, date: 2019-04-18T00:00:00
db: JVNDB, id: JVNDB-2018-015285, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-892, date: 2019-04-18T00:00:00
db: NVD, id: CVE-2018-17168, date: 2019-04-18T17:29:00.353