CVE-2018-17210 : What You Need to Know

PrinterOn Central Print Services (CPS) up to version 4.1.4 is vulnerable to an authorization bypass issue that allows users with low privileges to evade session checks and perform unauthorized actions.

Understanding CVE-2018-17210

This CVE identifies a security vulnerability in PrinterOn Central Print Services (CPS) up to version 4.1.4 that enables unauthorized access to core print job components.

What is CVE-2018-17210?

An issue in PrinterOn CPS allows users with guest or pseudo-guest level privileges to bypass session checks and execute print job components using customized HTTP requests.

The Impact of CVE-2018-17210

The vulnerability permits unauthorized users to perform actions reserved for higher privilege levels, compromising the security of the printing service.

Technical Details of CVE-2018-17210

PrinterOn CPS vulnerability details and exploitation mechanisms.

Vulnerability Description

The core print job components in PrinterOn CPS lack thorough validation of session cookies, enabling users with low privileges to bypass session checks.

Affected Systems and Versions

Product: PrinterOn Central Print Services (CPS)
Versions affected: Up to 4.1.4

Exploitation Mechanism

Attackers can exploit this vulnerability by directly invoking core print job components using crafted HTTP GET and POST requests.

Mitigation and Prevention

Protecting systems from CVE-2018-17210 and enhancing security measures.

Immediate Steps to Take

Update PrinterOn CPS to the latest version that includes a patch for this vulnerability.
Monitor and restrict access to the print services to authorized users only.

Long-Term Security Practices

Implement regular security audits and penetration testing to identify and address vulnerabilities.
Educate users on secure practices and the importance of maintaining updated software.

Patching and Updates

Apply security patches promptly to ensure that known vulnerabilities are mitigated and system security is maintained.