CVE-2018-4300 Vulnerability Details

  /     /     /  

CVE-2018-4300 Metadata Quick Info

CVE Published: 03/04/2019 | CVE Updated: 05/08/2024 | CVE Year: 2018
Source: apple | Vendor: n/a | Product: CUPS
Status : PUBLISHED

---

CVE-2018-4300 Description

The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: A maliciously crafted web site or local HTML file might be able to collect sanitized job and printer status information without the knowledge of the user
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).