History: Dec 05, 2022 - 4:15 a.m.

CVE-2022-41798

2022-12-05 04:15:09
CWE-290
web.nvd.nist.gov
cve-2022-41798
kyocera
document solutions
mfps
printers
session information
vulnerability
network-adjacent attacker
spoofing
login

CVSS3: 6.5 Medium

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.2 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 44.7%)

An easily guessable session information vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. The affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

Affected configurations

NVD
Node: kyocera taskalfa_7550ci_firmware (Match: -) AND kyocera taskalfa_7550ci (Match: -)
Node: kyocera taskalfa_6550ci_firmware (Match: -) AND kyocera taskalfa_6550ci (Match: -)
Node: kyocera taskalfa_5550ci_firmware (Match: -) AND kyocera taskalfa_5550ci (Match: -)
Node: kyocera taskalfa_4550ci_firmware (Match: -) AND kyocera taskalfa_4550ci (Match: -)
Node: kyocera taskalfa_3550ci_firmware (Match: -) AND kyocera taskalfa_3550ci (Match: -)
Node: kyocera taskalfa_3050ci_firmware (Match: -) AND kyocera taskalfa_3050ci (Match: -)
Node: kyocera taskalfa_255c_firmware (Match: -) AND kyocera taskalfa_255c (Match: -)
Node: kyocera taskalfa_205c_firmware (Match: -) AND kyocera taskalfa_205c (Match: -)
Node: kyocera taskalfa_256ci_firmware (Match: -) AND kyocera taskalfa_256ci (Match: -)
Node: kyocera taskalfa_206ci_firmware (Match: -) AND kyocera taskalfa_206ci (Match: -)
Node: kyocera ecosys_m6526cdn_firmware (Match: -) AND kyocera ecosys_m6526cdn (Match: -)
Node: kyocera ecosys_m6526cidn_firmware (Match: -) AND kyocera ecosys_m6526cidn (Match: -)
Node: kyocera fs-c2126mfp_firmware (Match: -) AND kyocera fs-c2126mfp (Match: -)
Node: kyocera fs-c2126mfp\+_firmware (Match: -) AND kyocera fs-c2126mfp\+ (Match: -)
Node: kyocera fs-c2026mfp_firmware (Match: -) AND kyocera fs-c2026mfp (Match: -)
Node: kyocera taskalfa_8000i_firmware (Match: -) AND kyocera taskalfa_8000i (Match: -)
Node: kyocera taskalfa_6500i_firmware (Match: -) AND kyocera taskalfa_6500i (Match: -)
Node: kyocera taskalfa_5500i_firmware (Match: -) AND kyocera taskalfa_5500i (Match: -)
Node: kyocera taskalfa_4500i_firmware (Match: -) AND kyocera taskalfa_4500i (Match: -)
Node: kyocera taskalfa_3500i_firmware (Match: -) AND kyocera taskalfa_3500i (Match: -)
Node: kyocera taskalfa_305_firmware (Match: -) AND kyocera taskalfa_305 (Match: -)
Node: kyocera taskalfa_255_firmware (Match: -) AND kyocera taskalfa_255 (Match: -)
Node: kyocera taskalfa_306i_firmware (Match: -) AND kyocera taskalfa_306i (Match: -)
Node: kyocera taskalfa_256i_firmware (Match: -) AND kyocera taskalfa_256i (Match: -)
Node: kyocera ls-3140mfp_firmware (Match: -) AND kyocera ls-3140mfp (Match: -)
Node: kyocera ls-3140mfp\+_firmware (Match: -) AND kyocera ls-3140mfp\+ (Match: -)
Node: kyocera ls-3640mfp_firmware (Match: -) AND kyocera ls-3640mfp (Match: -)
Node: kyocera ecosys_m2535dn_firmware (Match: -) AND kyocera ecosys_m2535dn (Match: -)
Node: kyocera ls-1135mfp_firmware (Match: -) AND kyocera ls-1135mfp (Match: -)
Node: kyocera ls-1035mfp_firmware (Match: -) AND kyocera ls-1035mfp (Match: -)
Node: kyocera ls-c8650dn_firmware (Match: -) AND kyocera ls-c8650dn (Match: -)
Node: kyocera ls-c8600dn_firmware (Match: -) AND kyocera ls-c8600dn (Match: -)
Node: kyocera ecosys_p6026cdn_firmware (Match: -) AND kyocera ecosys_p6026cdn (Match: -)
Node: kyocera fs-c5250dn_firmware (Match: -) AND kyocera fs-c5250dn (Match: -)
Node: kyocera ls-4300dn_firmware (Match: -) AND kyocera ls-4300dn (Match: -)
Node: kyocera ls-4200dn_firmware (Match: -) AND kyocera ls-4200dn (Match: -)
Node: kyocera ls-2100dn_firmware (Match: -) AND kyocera ls-2100dn (Match: -)
Node: kyocera ecosys_p4040dn_firmware (Match: -) AND kyocera ecosys_p4040dn (Match: -)
Node: kyocera ecosys_p2135dn_firmware (Match: -) AND kyocera ecosys_p2135dn (Match: -)
Node: kyocera fs-1370dn_firmware (Match: -) AND kyocera fs-1370dn (Match: -)

CNA Affected

[
  {
    "vendor": "KYOCERA Document Solutions Inc.",
    "product": "Kyocera Document Solutions MFPs and printers",
    "versions": [
      {
        "version": "A wide range of products is affected.  For the specific products/versions information, see the URL provided by the vendor which is listed in [Reference] section.",
        "status": "affected"
      }
    ]
  }
]
