CVSS3
Metric | Value |
---|---|
Attack Vector | ADJACENT |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Percentile: 47.4%
The web interface “Command Center” of multiple MFPs and printers provided by KYOCERA Document Solutions Inc. contains the multiple vulnerabilities listed below.
Session Information Easily Guessable (CWE-287) - CVE-2022-41798
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Base Score: 6.3 |
CVSS v2 | AV:A/AC:L/Au:N/C:P/I:P/A:P | Base Score: 5.8 |
Missing authorization (CWE-425) - CVE-2022-41807
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:A/AC:L/Au:N/C:P/I:P/A:N | Base Score: 4.8 |
Stored cross-site scripting (CWE-79) - CVE-2022-41830
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | Base Score: 4.8 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
For more information, contact your distributor.
Apply the workaround
Ensure the network connection is safe to avoid access from any untrusted peers.
A wide range of products are affected.
For more information, refer to the information provided by the developer.