CVE-2019-13205

All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:kyocera:ecosys_m5526cdw_firmware:2r7_2000.001.701:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ecosys_m5526cdw:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-13 18:15

Updated : 2023-12-10 13:27

NVD link : CVE-2019-13205

Mitre link : CVE-2019-13205

CVE.ORG link : CVE-2019-13205

JSON object : View

Products Affected

kyocera

ecosys_m5526cdw_firmware
ecosys_m5526cdw

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2019-13205", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-03-13T18:15:12.483", "references": [{"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer."}, {"lang": "es", "value": "Todos los par\u00e1metros de configuraci\u00f3n de determinadas impresoras Kyocera (tal y como la ECOSYS M5526cdw versi\u00f3n 2R7_2000.001.701), fueron accesibles para usuarios no autenticados. Esta informaci\u00f3n s\u00f3lo se presentaba en los men\u00fas cuando se autenticaban, y las p\u00e1ginas que cargaban esta informaci\u00f3n tambi\u00e9n estaban protegidas. Sin embargo, todos los archivos que conten\u00edan los par\u00e1metros de configuraci\u00f3n eran accesibles. Estos archivos conten\u00edan informaci\u00f3n confidencial, tales como usuarios, cadenas de la comunidad y otras contrase\u00f1as configuradas en la impresora."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:kyocera:ecosys_m5526cdw_firmware:2r7_2000.001.701:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF221F39-6F07-4674-9A53-2104AF0B151C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:kyocera:ecosys_m5526cdw:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DA6498BC-B514-4791-9B50-60F8CD534A12"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}