Lucene search

[email protected]CVE-2008-7111

HistoryAug 28, 2009 - 3:30 p.m.

CVE-2008-7111

2009-08-2815:30:00

CWE-264

[email protected]

web.nvd.nist.gov

kyocera mita

3.3.0.1

scanner file utility

cve-2008-7111

remote code execution

file overwrite

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.7 High

AI Score

Confidence

High

0.045 Low

EPSS

Percentile

92.5%

JSON

The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109.

Affected configurations

NVD

Node

kyoceramitascanner_file_utilityMatch3.3.0.1

CPENameOperatorVersion
kyoceramita:scanner_file_utilitykyoceramita scanner file utilityeq3.3.0.1

CPE	Name	Operator	Version
kyoceramita:scanner_file_utility	kyoceramita scanner file utility	eq	3.3.0.1

References

secunia.com/advisories/31631

www.informit.com/guides/content.aspx?g=security&seqNum=320

www.securityfocus.com/archive/1/495772/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/53003

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.7 High

AI Score

Confidence

High

0.045 Low

EPSS

Percentile

92.5%

JSON

Related for CVE-2008-7111

nvd3 prion3 cvelist3 cve2