Lucene search

JpcertCVE-2023-25954

HistoryApr 13, 2023 - 4:15 a.m.

CVE-2023-25954

2023-04-1304:15:42

CWE-668

jpcert

web.nvd.nist.gov

cve-2023-25954

android

security

vulnerability

mobile print

kyocera

utax

olivetti

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

31.0%

JSON

KYOCERA Mobile Print’ v3.2.0.230119 and earlier, ‘UTAX/TA MobilePrint’ v3.2.0.230119 and earlier, and ‘Olivetti Mobile Print’ v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user’s Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification.

Affected configurations

Nvd

Vulners

Node

kyoceramobile_printRange≤3.2.0.230119android

Node

triumph-adlermobile_printRange≤3.2.0.230119android

Node

olivettimobile_printRange≤3.2.0.230119android

VendorProductVersionCPE
kyoceramobile_print*cpe:2.3:a:kyocera:mobile_print:*:*:*:*:*:android:*:*
triumph-adlermobile_print*cpe:2.3:a:triumph-adler:mobile_print:*:*:*:*:*:android:*:*
olivettimobile_print*cpe:2.3:a:olivetti:mobile_print:*:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
kyocera	mobile_print	*	cpe:2.3:a:kyocera:mobile_print::::::android::*
triumph-adler	mobile_print	*	cpe:2.3:a:triumph-adler:mobile_print::::::android::*
olivetti	mobile_print	*	cpe:2.3:a:olivetti:mobile_print::::::android::*

CNA Affected

[
  {
    "vendor": "Kyocera Document Solutions, TA Triumph-Adler GmbH, and Olivetti SpA",
    "product": "KYOCERA Mobile Print, UTAX/TA MobilePrint, and Olivetti Mobile Print",
    "versions": [
      {
        "version": "KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU98434809/

play.google.com/store/apps/details?id=com.kyocera.kyoprint

play.google.com/store/apps/details?id=com.kyocera.kyoprintolivetti

play.google.com/store/apps/details?id=com.kyocera.kyoprinttautax

www.kyoceradocumentsolutions.com/en/our-business/security/information/2023-04-11.html

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

31.0%

JSON

Related for CVE-2023-25954