Search criteria
2 vulnerabilities found for Multifunction Printer Net Viewer by Kyocera
CVE-2022-1026 (GCVE-0-2022-1026)
Vulnerability from cvelistv5 – Published: 2022-04-04 14:15 – Updated: 2024-09-16 20:06
VLAI?
Title
Kyocera Net View Address Book Exposure
Summary
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
Severity ?
8.6 (High)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kyocera | Multifunction Printer Net Viewer |
Affected:
2S0_1000.005.0012S5_2000.002.505 , ≤ 2S0_1000.005.0012S5_2000.002.505
(custom)
|
Credits
Aaron Herndon, Rapid7
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-04-04.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2022/03/29/cve-2022-1026-kyocera-net-view-address-book-exposure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multifunction Printer Net Viewer",
"vendor": "Kyocera",
"versions": [
{
"lessThanOrEqual": "2S0_1000.005.0012S5_2000.002.505",
"status": "affected",
"version": "2S0_1000.005.0012S5_2000.002.505",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Aaron Herndon, Rapid7"
}
],
"datePublic": "2022-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T14:15:18",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-04-04.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2022/03/29/cve-2022-1026-kyocera-net-view-address-book-exposure/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Kyocera Net View Address Book Exposure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-03-29T13:05:00.000Z",
"ID": "CVE-2022-1026",
"STATE": "PUBLIC",
"TITLE": "Kyocera Net View Address Book Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multifunction Printer Net Viewer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2S0_1000.005.0012S5_2000.002.505",
"version_value": "2S0_1000.005.0012S5_2000.002.505"
}
]
}
}
]
},
"vendor_name": "Kyocera"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Aaron Herndon, Rapid7"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-04-04.html",
"refsource": "CONFIRM",
"url": "https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-04-04.html"
},
{
"name": "https://www.rapid7.com/blog/post/2022/03/29/cve-2022-1026-kyocera-net-view-address-book-exposure/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2022/03/29/cve-2022-1026-kyocera-net-view-address-book-exposure/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-1026",
"datePublished": "2022-04-04T14:15:18.324284Z",
"dateReserved": "2022-03-18T00:00:00",
"dateUpdated": "2024-09-16T20:06:43.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1026 (GCVE-0-2022-1026)
Vulnerability from nvd – Published: 2022-04-04 14:15 – Updated: 2024-09-16 20:06
VLAI?
Title
Kyocera Net View Address Book Exposure
Summary
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
Severity ?
8.6 (High)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kyocera | Multifunction Printer Net Viewer |
Affected:
2S0_1000.005.0012S5_2000.002.505 , ≤ 2S0_1000.005.0012S5_2000.002.505
(custom)
|
Credits
Aaron Herndon, Rapid7
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-04-04.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2022/03/29/cve-2022-1026-kyocera-net-view-address-book-exposure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multifunction Printer Net Viewer",
"vendor": "Kyocera",
"versions": [
{
"lessThanOrEqual": "2S0_1000.005.0012S5_2000.002.505",
"status": "affected",
"version": "2S0_1000.005.0012S5_2000.002.505",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Aaron Herndon, Rapid7"
}
],
"datePublic": "2022-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T14:15:18",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-04-04.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2022/03/29/cve-2022-1026-kyocera-net-view-address-book-exposure/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Kyocera Net View Address Book Exposure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-03-29T13:05:00.000Z",
"ID": "CVE-2022-1026",
"STATE": "PUBLIC",
"TITLE": "Kyocera Net View Address Book Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multifunction Printer Net Viewer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2S0_1000.005.0012S5_2000.002.505",
"version_value": "2S0_1000.005.0012S5_2000.002.505"
}
]
}
}
]
},
"vendor_name": "Kyocera"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Aaron Herndon, Rapid7"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-04-04.html",
"refsource": "CONFIRM",
"url": "https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-04-04.html"
},
{
"name": "https://www.rapid7.com/blog/post/2022/03/29/cve-2022-1026-kyocera-net-view-address-book-exposure/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2022/03/29/cve-2022-1026-kyocera-net-view-address-book-exposure/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-1026",
"datePublished": "2022-04-04T14:15:18.324284Z",
"dateReserved": "2022-03-18T00:00:00",
"dateUpdated": "2024-09-16T20:06:43.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}