CVE-2023-25954

KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/vu/JVNVU98434809/	Third Party Advisory
https://play.google.com/store/apps/details?id=com.kyocera.kyoprint	Product
https://play.google.com/store/apps/details?id=com.kyocera.kyoprintolivetti	Product
https://play.google.com/store/apps/details?id=com.kyocera.kyoprinttautax	Product
https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2023-04-11.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:kyocera:mobile_print:*:*:*:*:*:android:*:*

Configuration 2 (hide)

cpe:2.3:a:triumph-adler:mobile_print:*:*:*:*:*:android:*:*

Configuration 3 (hide)

cpe:2.3:a:olivetti:mobile_print:*:*:*:*:*:android:*:*

History

No history.

Information

Published : 2023-04-13 04:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-25954

Mitre link : CVE-2023-25954

CVE.ORG link : CVE-2023-25954

JSON object : View

Products Affected

kyocera

mobile_print

olivetti

mobile_print

triumph-adler

mobile_print

CWE

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2023-25954", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-04-13T04:15:42.547", "references": [{"url": "https://jvn.jp/en/vu/JVNVU98434809/", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://play.google.com/store/apps/details?id=com.kyocera.kyoprint", "tags": ["Product"], "source": "vultures@jpcert.or.jp"}, {"url": "https://play.google.com/store/apps/details?id=com.kyocera.kyoprintolivetti", "tags": ["Product"], "source": "vultures@jpcert.or.jp"}, {"url": "https://play.google.com/store/apps/details?id=com.kyocera.kyoprinttautax", "tags": ["Product"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2023-04-11.html", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification."}], "lastModified": "2023-04-21T17:54:46.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kyocera:mobile_print:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "707E2FE3-3905-438C-B99D-68ED1A7B313D", "versionEndIncluding": "3.2.0.230119"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:triumph-adler:mobile_print:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "9AF4FB63-4E20-471D-82FF-98CC7E1F27F9", "versionEndIncluding": "3.2.0.230119"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:olivetti:mobile_print:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "E3E7E34D-C04F-4957-89E9-F788BC0B6797", "versionEndIncluding": "3.2.0.230119"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}