Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575.
References
Link | Resource |
---|---|
https://sec-consult.com/vulnerability-lab/ | Third Party Advisory |
https://seclists.org/fulldisclosure/2023/Jul/15 | Exploit Mailing List Third Party Advisory |
https://sec-consult.com/vulnerability-lab/ | Third Party Advisory |
https://seclists.org/fulldisclosure/2023/Jul/15 | Exploit Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 08:06
Type | Values Removed | Values Added |
---|---|---|
References | () https://sec-consult.com/vulnerability-lab/ - Third Party Advisory | |
References | () https://seclists.org/fulldisclosure/2023/Jul/15 - Exploit, Mailing List, Third Party Advisory |
13 Nov 2023, 17:49
Type | Values Removed | Values Added |
---|---|---|
First Time |
Kyocera
Kyocera d-copia253mf Plus Kyocera d-copia253mf Plus Firmware |
|
CPE | cpe:2.3:o:kyocera:d-copia253mf_plus_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:kyocera:d-copia253mf_plus:-:*:*:*:*:*:*:* |
|
CWE | CWE-22 | |
References | (MISC) https://seclists.org/fulldisclosure/2023/Jul/15 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://sec-consult.com/vulnerability-lab/ - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.9 |
03 Nov 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-03 04:15
Updated : 2024-11-21 08:06
NVD link : CVE-2023-34259
Mitre link : CVE-2023-34259
CVE.ORG link : CVE-2023-34259
JSON object : View
Products Affected
kyocera
- d-copia253mf_plus_firmware
- d-copia253mf_plus
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')