1. Home
  2. CVE Database
  3. CVE-2018-17210
HIGH · 8.8

CVE-2018-17210

An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that ...

Vulnerability Description

An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass the session checks (that would otherwise logout a low-privileged user) by calling the core print job components directly via crafted HTTP GET and POST requests.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
PrinteronCentral Print Services<= 4.1.4

Related Weaknesses (CWE)

CWE-285

References

FAQ

What is CVE-2018-17210?

CVE-2018-17210 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that ...

How severe is CVE-2018-17210?

CVE-2018-17210 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-17210?

Check the references section above for vendor advisories and patch information. Affected products include: Printeron Central Print Services.