CVE-2018-5408

{"id": "CVE-2018-5408", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.2}]}, "published": "2019-05-08T15:30:52.987", "references": [{"url": "http://www.securityfocus.com/bid/108285", "source": "cret@cert.org"}, {"url": "https://kb.cert.org/vuls/id/169249/", "tags": ["US Government Resource", "Third Party Advisory"], "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Secondary", "source": "cret@cert.org", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host."}, {"lang": "es", "value": "El programa PrinterLogic Print Management, hasta la versi\u00f3n 18.3.1.96 incluyendola, no v\u00e1lida, o v\u00e1lida incorrectamente, el certificado SSL del portal de administraci\u00f3n de PrinterLogic. Cuando un certificado no es v\u00e1lido o es malicioso, podr\u00eda permitir a un atacante falsificar una entidad de confianza mediante el uso de un ataque de tipo man-in the-middel (MITM). El programa puede conectarse a un host malicioso mientras cree que es un host de confianza, o el programa puede ser burlado para aceptar datos falsificados que parecen provenir de un host de confianza."}], "lastModified": "2019-05-10T17:29:01.003", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:printerlogic:print_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "092E9A95-4811-4796-8B18-24BF4F0EEE1D", "versionEndIncluding": "18.3.1.96"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}