CVE-2023-34261

Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sec-consult.com/vulnerability-lab/	Third Party Advisory
https://seclists.org/fulldisclosure/2023/Jul/15	Exploit Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:kyocera:d-copia253mf_plus_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:d-copia253mf_plus:-:*:*:*:*:*:*:*

History

05 Sep 2024, 15:35

Type	Values Removed	Values Added
CWE		CWE-200

13 Nov 2023, 17:36

Type	Values Removed	Values Added
First Time		Kyocera Kyocera d-copia253mf Plus Kyocera d-copia253mf Plus Firmware
CWE		NVD-CWE-noinfo
References	~~(MISC) https://seclists.org/fulldisclosure/2023/Jul/15 -~~	(MISC) https://seclists.org/fulldisclosure/2023/Jul/15 - Exploit, Mailing List, Third Party Advisory
References	~~(MISC) https://sec-consult.com/vulnerability-lab/ -~~	(MISC) https://sec-consult.com/vulnerability-lab/ - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CPE		cpe:2.3:o:kyocera:d-copia253mf_plus_firmware:::::::: cpe:2.3:h:kyocera:d-copia253mf_plus:-:::::::*

03 Nov 2023, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-03 04:15

Updated : 2024-09-05 15:35

NVD link : CVE-2023-34261

Mitre link : CVE-2023-34261

CVE.ORG link : CVE-2023-34261

JSON object : View

Products Affected

kyocera

d-copia253mf_plus
d-copia253mf_plus_firmware

CWE

NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

5.3 /10