An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do…
mitre·CWE-285·Published 2019-07-19
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass the session checks (that would otherwise logout a low-privileged user) by calling the core print job components directly via crafted HTTP GET and POST requests.
| CVSS version | Type | Source | Base score | Exploitability score | Impact score | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.5 | 8.0 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| 3.0 | Primary | NVD | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |