CVE-2018-17168 — MEDIUM (6.5)

Vulnerability Description

PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc).

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Printeron	Printeron	4.1.4

Related Weaknesses (CWE)

CWE-352

References

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17168-CSRF-PriExploitThird Party Advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17168-CSRF-PriExploitThird Party Advisory

FAQ

What is CVE-2018-17168?

CVE-2018-17168 is a vulnerability with a CVSS score of 6.5 (MEDIUM). PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into makin...

How severe is CVE-2018-17168?

CVE-2018-17168 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-17168?

Check the references section above for vendor advisories and patch information. Affected products include: Printeron Printeron.