The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.
References
Link | Resource |
---|---|
http://secunia.com/advisories/31631 | Broken Link Vendor Advisory |
http://www.informit.com/guides/content.aspx?g=security&seqNum=320 | Exploit Not Applicable |
http://www.securityfocus.com/archive/1/495772/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/30855 | Broken Link Exploit Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/44717 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53004 | Third Party Advisory VDB Entry |
Configurations
History
21 Jan 2024, 02:41
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/53004 - Third Party Advisory, VDB Entry | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/44717 - Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/30855 - Broken Link, Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) http://www.informit.com/guides/content.aspx?g=security&seqNum=320 - Exploit, Not Applicable | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/495772/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/31631 - Broken Link, Vendor Advisory | |
CWE | CWE-863 |
Information
Published : 2009-08-28 15:30
Updated : 2024-02-28 11:21
NVD link : CVE-2008-7109
Mitre link : CVE-2008-7109
CVE.ORG link : CVE-2008-7109
JSON object : View
Products Affected
kyoceramita
- scanner_file_utility
CWE
CWE-863
Incorrect Authorization