6 vulnerabilities by Olivetti
VAR-202204-1331
Vulnerability from variot - Updated: 2023-12-18 13:59
An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Broken Access Control. It does not properly validate requests for access to data and functionality under the /mngset/authset path. Because it does not verify permissions for access to resources, a potential attacker can view pages they are not allowed to see. The Olivetti d-COLOR MF3555 firmware contains an incorrect authorization vulnerability (CWE-863; the source translation renders it as "incorrect authentication"). Information may be obtained and tampered with. Kyocera d-COLOR MF3555 is a color multifunction printer from Kyocera Corporation of Japan.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1331",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "d-color mf3555",
"scope": "eq",
"trust": 1.0,
"vendor": "olivetti",
"version": "2xd_s000.002.271"
},
{
"model": "d-color mf3555",
"scope": "eq",
"trust": 0.8,
"vendor": "olivetti",
"version": "d-color mf3555 firmware 2xd s000.002.271"
},
{
"model": "d-color mf3555",
"scope": "eq",
"trust": 0.8,
"vendor": "olivetti",
"version": null
},
{
"model": "d-color mf3555",
"scope": null,
"trust": 0.8,
"vendor": "olivetti",
"version": null
},
{
"model": "d-color mf3555 2xd s000.002.271",
"scope": null,
"trust": 0.6,
"vendor": "kyocera",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61447"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008681"
},
{
"db": "NVD",
"id": "CVE-2022-25342"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:olivetti:d-color_mf3555_firmware:2xd_s000.002.271:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:olivetti:d-color_mf3555:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25342"
}
]
},
"cve": "CVE-2022-25342",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-25342",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2022-61447",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-25342",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-25342",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-61447",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-3897",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-25342",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61447"
},
{
"db": "VULMON",
"id": "CVE-2022-25342"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008681"
},
{
"db": "NVD",
"id": "CVE-2022-25342"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3897"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Broken Access Control. It does not properly validate requests for access to data and functionality under the /mngset/authset path. By not verifying permissions for access to resources, it allows a potential attacker to view pages that are not allowed. olivetti of d-color mf3555 An incorrect authentication vulnerability exists in firmware.Information may be obtained and information may be tampered with. Kyocera d-COLOR MF3555 is a color multifunction printer from Kyocera Corporation of Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25342"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008681"
},
{
"db": "CNVD",
"id": "CNVD-2022-61447"
},
{
"db": "VULMON",
"id": "CVE-2022-25342"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-25342",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008681",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-61447",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3897",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-25342",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61447"
},
{
"db": "VULMON",
"id": "CVE-2022-25342"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008681"
},
{
"db": "NVD",
"id": "CVE-2022-25342"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3897"
}
]
},
"id": "VAR-202204-1331",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61447"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61447"
}
]
},
"last_update_date": "2023-12-18T13:59:44.714000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.0
},
{
"problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008681"
},
{
"db": "NVD",
"id": "CVE-2022-25342"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.gruppotim.it/it/footer/red-team.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25342"
},
{
"trust": 0.7,
"url": "https://kyocera.com"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-25342/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61447"
},
{
"db": "VULMON",
"id": "CVE-2022-25342"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008681"
},
{
"db": "NVD",
"id": "CVE-2022-25342"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3897"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-61447"
},
{
"db": "VULMON",
"id": "CVE-2022-25342"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008681"
},
{
"db": "NVD",
"id": "CVE-2022-25342"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3897"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-61447"
},
{
"date": "2022-04-20T00:00:00",
"db": "VULMON",
"id": "CVE-2022-25342"
},
{
"date": "2023-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008681"
},
{
"date": "2022-04-20T13:15:07.590000",
"db": "NVD",
"id": "CVE-2022-25342"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3897"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-61447"
},
{
"date": "2022-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-25342"
},
{
"date": "2023-07-28T08:05:00",
"db": "JVNDB",
"id": "JVNDB-2022-008681"
},
{
"date": "2023-08-08T14:22:24.967000",
"db": "NVD",
"id": "CVE-2022-25342"
},
{
"date": "2022-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3897"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3897"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "olivetti\u00a0 of \u00a0d-color\u00a0mf3555\u00a0 Fraudulent Authentication Vulnerability in Firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008681"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3897"
}
],
"trust": 0.6
}
}
VAR-202204-1474
Vulnerability from variot - Updated: 2023-12-18 13:42
An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Denial of Service. An unauthenticated attacker who can send POST requests to the /download/set.cgi page can, by manipulating the failhtmfile variable, interrupt the service provided by the Web Application. The Olivetti d-COLOR MF3555 firmware contains unspecified vulnerabilities. The device may be put into a denial-of-service (DoS) state. Kyocera d-COLOR MF3555 is a color multifunction printer from Kyocera Corporation of Japan.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1474",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "d-color mf3555",
"scope": "eq",
"trust": 1.0,
"vendor": "olivetti",
"version": "2xd_s000.002.271"
},
{
"model": "d-color mf3555",
"scope": "eq",
"trust": 0.8,
"vendor": "olivetti",
"version": "d-color mf3555 firmware 2xd s000.002.271"
},
{
"model": "d-color mf3555",
"scope": "eq",
"trust": 0.8,
"vendor": "olivetti",
"version": null
},
{
"model": "d-color mf3555",
"scope": null,
"trust": 0.8,
"vendor": "olivetti",
"version": null
},
{
"model": "d-color mf3555 2xd s000.002.271",
"scope": null,
"trust": 0.6,
"vendor": "kyocera",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61446"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008680"
},
{
"db": "NVD",
"id": "CVE-2022-25343"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:olivetti:d-color_mf3555_firmware:2xd_s000.002.271:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:olivetti:d-color_mf3555:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25343"
}
]
},
"cve": "CVE-2022-25343",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-25343",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-61446",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-25343",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-25343",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-61446",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-3894",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-25343",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61446"
},
{
"db": "VULMON",
"id": "CVE-2022-25343"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008680"
},
{
"db": "NVD",
"id": "CVE-2022-25343"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3894"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Denial of Service. An unauthenticated attacker, who can send POST requests to the /download/set.cgi page by manipulating the failhtmfile variable, is able to cause interruption of the service provided by the Web Application. olivetti of d-color mf3555 There are unspecified vulnerabilities in the firmware.Service operation interruption (DoS) It may be in a state. Kyocera d-COLOR MF3555 is a color multifunction printer from Kyocera Corporation of Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25343"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008680"
},
{
"db": "CNVD",
"id": "CNVD-2022-61446"
},
{
"db": "VULMON",
"id": "CVE-2022-25343"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-25343",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008680",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-61446",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3894",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-25343",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61446"
},
{
"db": "VULMON",
"id": "CVE-2022-25343"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008680"
},
{
"db": "NVD",
"id": "CVE-2022-25343"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3894"
}
]
},
"id": "VAR-202204-1474",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61446"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61446"
}
]
},
"last_update_date": "2023-12-18T13:42:11.014000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008680"
},
{
"db": "NVD",
"id": "CVE-2022-25343"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.gruppotim.it/it/footer/red-team.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25343"
},
{
"trust": 0.7,
"url": "https://kyocera.com"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-25343/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61446"
},
{
"db": "VULMON",
"id": "CVE-2022-25343"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008680"
},
{
"db": "NVD",
"id": "CVE-2022-25343"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3894"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-61446"
},
{
"db": "VULMON",
"id": "CVE-2022-25343"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008680"
},
{
"db": "NVD",
"id": "CVE-2022-25343"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3894"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-61446"
},
{
"date": "2022-04-20T00:00:00",
"db": "VULMON",
"id": "CVE-2022-25343"
},
{
"date": "2023-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008680"
},
{
"date": "2022-04-20T13:15:07.640000",
"db": "NVD",
"id": "CVE-2022-25343"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3894"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-61446"
},
{
"date": "2022-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2022-25343"
},
{
"date": "2023-07-28T08:05:00",
"db": "JVNDB",
"id": "JVNDB-2022-008680"
},
{
"date": "2022-05-12T20:06:50.770000",
"db": "NVD",
"id": "CVE-2022-25343"
},
{
"date": "2022-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3894"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3894"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "olivetti\u00a0 of \u00a0d-color\u00a0mf3555\u00a0 Firmware vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008680"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3894"
}
],
"trust": 0.6
}
}
VAR-202204-1591
Vulnerability from variot - Updated: 2023-12-18 13:27
An XSS issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application doesn't properly check parameters sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field before saving them on the server. In addition, the malicious JavaScript content is then reflected back to the end user and executed by the web browser. The Olivetti d-COLOR MF3555 firmware has a cross-site scripting vulnerability. Information may be obtained and tampered with. Kyocera d-COLOR MF3555 is a color multifunction printer from Kyocera Corporation of Japan. An attacker can exploit this vulnerability to execute JavaScript code via the arg01.Hostname field of a /dvcset/sysset/set.cgi POST request.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1591",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "d-color mf3555",
"scope": "eq",
"trust": 1.0,
"vendor": "olivetti",
"version": "2xd_s000.002.271"
},
{
"model": "d-color mf3555",
"scope": "eq",
"trust": 0.8,
"vendor": "olivetti",
"version": "d-color mf3555 firmware 2xd s000.002.271"
},
{
"model": "d-color mf3555",
"scope": "eq",
"trust": 0.8,
"vendor": "olivetti",
"version": null
},
{
"model": "d-color mf3555",
"scope": null,
"trust": 0.8,
"vendor": "olivetti",
"version": null
},
{
"model": "d-color mf3555 2xd s000.002.271",
"scope": null,
"trust": 0.6,
"vendor": "kyocera",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61445"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008679"
},
{
"db": "NVD",
"id": "CVE-2022-25344"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:olivetti:d-color_mf3555_firmware:2xd_s000.002.271:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:olivetti:d-color_mf3555:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25344"
}
]
},
"cve": "CVE-2022-25344",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-25344",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-61445",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-25344",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-25344",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-61445",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-3893",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-25344",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61445"
},
{
"db": "VULMON",
"id": "CVE-2022-25344"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008679"
},
{
"db": "NVD",
"id": "CVE-2022-25344"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3893"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An XSS issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application doesn\u0027t properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving them on the server. In addition, the JavaScript malicious content is then reflected back to the end user and executed by the web browser. olivetti of d-color mf3555 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Kyocera d-COLOR MF3555 is a color multifunction printer from Kyocera Corporation of Japan. An attacker can exploit this vulnerability through the /dvcset/sysset/set. The arg01.hostname field in the cgi post request executes JavaScript code",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25344"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008679"
},
{
"db": "CNVD",
"id": "CNVD-2022-61445"
},
{
"db": "VULMON",
"id": "CVE-2022-25344"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-25344",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008679",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-61445",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3893",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-25344",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61445"
},
{
"db": "VULMON",
"id": "CVE-2022-25344"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008679"
},
{
"db": "NVD",
"id": "CVE-2022-25344"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3893"
}
]
},
"id": "VAR-202204-1591",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61445"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61445"
}
]
},
"last_update_date": "2023-12-18T13:27:19.062000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008679"
},
{
"db": "NVD",
"id": "CVE-2022-25344"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.gruppotim.it/it/footer/red-team.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25344"
},
{
"trust": 0.7,
"url": "https://kyocera.com"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-25344/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61445"
},
{
"db": "VULMON",
"id": "CVE-2022-25344"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008679"
},
{
"db": "NVD",
"id": "CVE-2022-25344"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3893"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-61445"
},
{
"db": "VULMON",
"id": "CVE-2022-25344"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008679"
},
{
"db": "NVD",
"id": "CVE-2022-25344"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3893"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-61445"
},
{
"date": "2022-04-20T00:00:00",
"db": "VULMON",
"id": "CVE-2022-25344"
},
{
"date": "2023-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008679"
},
{
"date": "2022-04-20T13:15:07.683000",
"db": "NVD",
"id": "CVE-2022-25344"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3893"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-61445"
},
{
"date": "2022-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2022-25344"
},
{
"date": "2023-07-28T08:05:00",
"db": "JVNDB",
"id": "JVNDB-2022-008679"
},
{
"date": "2022-05-12T20:06:58.393000",
"db": "NVD",
"id": "CVE-2022-25344"
},
{
"date": "2022-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3893"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3893"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kyocera d-COLOR MF3555 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-61445"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3893"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3893"
}
],
"trust": 0.6
}
}
CVE-2023-25954 (GCVE-0-2023-25954)
Vulnerability from nvd – Published: 2023-04-13 00:00 – Updated: 2025-02-07 16:31
- Exposure of resource to wrong sphere
- CWE-668 - Exposure of Resource to Wrong Sphere
| Vendor | Product | Version |
|---|---|---|
| Kyocera Document Solutions, TA Triumph-Adler GmbH, and Olivetti SpA | KYOCERA Mobile Print, UTAX/TA MobilePrint, and Olivetti Mobile Print | Affected: 'KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:05.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2023-04-11.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.kyocera.kyoprint"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.kyocera.kyoprinttautax"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.kyocera.kyoprintolivetti"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98434809/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-25954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:30:05.167062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:31:29.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "KYOCERA Mobile Print, UTAX/TA MobilePrint, and Olivetti Mobile Print",
"vendor": "Kyocera Document Solutions, TA Triumph-Adler GmbH, and Olivetti SpA",
"versions": [
{
"status": "affected",
"version": "KYOCERA Mobile Print\u0027 v3.2.0.230119 and earlier, \u0027UTAX/TA MobilePrint\u0027 v3.2.0.230119 and earlier, and \u0027Olivetti Mobile Print\u0027 v3.2.0.230119 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KYOCERA Mobile Print\u0027 v3.2.0.230119 and earlier, \u0027UTAX/TA MobilePrint\u0027 v3.2.0.230119 and earlier, and \u0027Olivetti Mobile Print\u0027 v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user\u0027s Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of resource to wrong sphere",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-13T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2023-04-11.html"
},
{
"url": "https://play.google.com/store/apps/details?id=com.kyocera.kyoprint"
},
{
"url": "https://play.google.com/store/apps/details?id=com.kyocera.kyoprinttautax"
},
{
"url": "https://play.google.com/store/apps/details?id=com.kyocera.kyoprintolivetti"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98434809/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-25954",
"datePublished": "2023-04-13T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-02-07T16:31:29.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2023-001493
Vulnerability from jvndb - Published: 2023-04-13 11:09 - Updated: 2024-05-30 15:48
| Type | URL |
|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001493.html",
"dc:date": "2024-05-30T15:48+09:00",
"dcterms:issued": "2023-04-13T11:09+09:00",
"dcterms:modified": "2024-05-30T15:48+09:00",
"description": "Multiple mobile printing apps for Android are vulnerable to improper intent handling (CWE-668).\r\n\r\nJohan Francsics reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001493.html",
"sec:cpe": [
{
"#text": "cpe:/a:misc:kyocera_document_solutions_android_kyocera_mobile_print",
"@product": "Android app \"KYOCERA Mobile Print\"",
"@vendor": "KYOCERA Document Solutions",
"@version": "2.2"
},
{
"#text": "cpe:/a:olivetti:mobile_print",
"@product": "Android app \"Olivetti Mobile Print\"",
"@vendor": "Olivetti",
"@version": "2.2"
},
{
"#text": "cpe:/a:triumph-adler:mobile_print",
"@product": "Android app \"UTAX/TA MobilePrint\"",
"@vendor": "TA Triumph-Adler GmbH",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-001493",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU98434809/",
"@id": "JVNVU#98434809",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-25954",
"@id": "CVE-2023-25954",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25954",
"@id": "CVE-2023-25954",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/668.html",
"@id": "CWE-668",
"@title": "Exposure of Resource to Wrong Sphere(CWE-668)"
}
],
"title": "Multiple mobile printing apps for Android vulnerable to improper intent handling"
}
CVE-2023-25954 (GCVE-0-2023-25954)
Vulnerability from cvelistv5 – Published: 2023-04-13 00:00 – Updated: 2025-02-07 16:31
- Exposure of resource to wrong sphere
- CWE-668 - Exposure of Resource to Wrong Sphere
| Vendor | Product | Version |
|---|---|---|
| Kyocera Document Solutions, TA Triumph-Adler GmbH, and Olivetti SpA | KYOCERA Mobile Print, UTAX/TA MobilePrint, and Olivetti Mobile Print | Affected: 'KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:05.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2023-04-11.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.kyocera.kyoprint"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.kyocera.kyoprinttautax"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.kyocera.kyoprintolivetti"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98434809/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-25954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:30:05.167062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:31:29.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "KYOCERA Mobile Print, UTAX/TA MobilePrint, and Olivetti Mobile Print",
"vendor": "Kyocera Document Solutions, TA Triumph-Adler GmbH, and Olivetti SpA",
"versions": [
{
"status": "affected",
"version": "KYOCERA Mobile Print\u0027 v3.2.0.230119 and earlier, \u0027UTAX/TA MobilePrint\u0027 v3.2.0.230119 and earlier, and \u0027Olivetti Mobile Print\u0027 v3.2.0.230119 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KYOCERA Mobile Print\u0027 v3.2.0.230119 and earlier, \u0027UTAX/TA MobilePrint\u0027 v3.2.0.230119 and earlier, and \u0027Olivetti Mobile Print\u0027 v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user\u0027s Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of resource to wrong sphere",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-13T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2023-04-11.html"
},
{
"url": "https://play.google.com/store/apps/details?id=com.kyocera.kyoprint"
},
{
"url": "https://play.google.com/store/apps/details?id=com.kyocera.kyoprinttautax"
},
{
"url": "https://play.google.com/store/apps/details?id=com.kyocera.kyoprintolivetti"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98434809/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-25954",
"datePublished": "2023-04-13T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-02-07T16:31:29.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}