CVE-2018-17168

Name of the Vulnerable Software and Affected Versions PrinterOn Enterprise version 4.1.4

Description The issue allows an attacker to trick an administrator into making unwanted changes to a printer, such as disabling or approving it, by following a malicious link. This is due to multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page.

Recommendations For PrinterOn Enterprise version 4.1.4, consider restricting access to the Administration page until a fix is available. As a temporary workaround, administrators should be cautious when following links and avoid making changes to printer settings from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.