nvd-json-data-feeds/CVE-2018/CVE-2018-172xx/CVE-2018-17213.json

{
  "id": "CVE-2018-17213",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2019-07-29T18:15:11.067",
  "lastModified": "2019-08-05T14:08:03.343",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. A user without valid credentials can bypass the authentication process, obtaining a valid session cookie with guest/pseudo-guest level privileges. This cookie can then be further used to perform other attacks."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Central Print Services (CPS) de PrinterOn hasta versi\u00f3n 4.1.4. Un usuario sin credenciales v\u00e1lidas puede omitir el proceso de identificaci\u00f3n, obteniendo una cookie de sesi\u00f3n v\u00e1lida con privilegios de nivel de invitado y pseudo-invitado. Esta cookie puede ser usada luego para realizar otros ataques."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:printeron:central_print_services:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "4.1.4",
              "matchCriteriaId": "40ACB056-1898-49E5-8ADD-F36AF8827D95"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17213-Authentication_Bypass-PrinterOn",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}