CVE-2019-13205 (GCVE-0-2019-13205)

Vulnerability from cvelistv5 – Published: 2020-03-13 17:47 – Updated: 2024-08-04 23:41
VLAI
Summary
All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer.
Severity
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:41:10.659Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-13T17:47:09.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-13205",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/",
              "refsource": "MISC",
              "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-13205",
    "datePublished": "2020-03-13T17:47:09.000Z",
    "dateReserved": "2019-07-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T23:41:10.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-13205",
      "date": "2026-06-26",
      "epss": "0.01114",
      "percentile": "0.619"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:kyocera:ecosys_m5526cdw_firmware:2r7_2000.001.701:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF221F39-6F07-4674-9A53-2104AF0B151C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:kyocera:ecosys_m5526cdw:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA6498BC-B514-4791-9B50-60F8CD534A12\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer.\"}, {\"lang\": \"es\", \"value\": \"Todos los par\\u00e1metros de configuraci\\u00f3n de determinadas  impresoras Kyocera (tal y como la ECOSYS M5526cdw versi\\u00f3n 2R7_2000.001.701), fueron accesibles para usuarios no autenticados. Esta informaci\\u00f3n s\\u00f3lo se presentaba en los men\\u00fas cuando se autenticaban, y las p\\u00e1ginas que cargaban esta informaci\\u00f3n tambi\\u00e9n estaban protegidas. Sin embargo, todos los archivos que conten\\u00edan los par\\u00e1metros de configuraci\\u00f3n eran accesibles. Estos archivos conten\\u00edan informaci\\u00f3n confidencial, tales como usuarios, cadenas de la comunidad y otras contrase\\u00f1as configuradas en la impresora.\"}]",
      "id": "CVE-2019-13205",
      "lastModified": "2024-11-21T04:24:27.333",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-03-13T18:15:12.483",
      "references": "[{\"url\": \"https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-13205\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-03-13T18:15:12.483\",\"lastModified\":\"2024-11-21T04:24:27.333\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer.\"},{\"lang\":\"es\",\"value\":\"Todos los par\u00e1metros de configuraci\u00f3n de determinadas  impresoras Kyocera (tal y como la ECOSYS M5526cdw versi\u00f3n 2R7_2000.001.701), fueron accesibles para usuarios no autenticados. Esta informaci\u00f3n s\u00f3lo se presentaba en los men\u00fas cuando se autenticaban, y las p\u00e1ginas que cargaban esta informaci\u00f3n tambi\u00e9n estaban protegidas. Sin embargo, todos los archivos que conten\u00edan los par\u00e1metros de configuraci\u00f3n eran accesibles. Estos archivos conten\u00edan informaci\u00f3n confidencial, tales como usuarios, cadenas de la comunidad y otras contrase\u00f1as configuradas en la impresora.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kyocera:ecosys_m5526cdw_firmware:2r7_2000.001.701:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF221F39-6F07-4674-9A53-2104AF0B151C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:kyocera:ecosys_m5526cdw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA6498BC-B514-4791-9B50-60F8CD534A12\"}]}]}],\"references\":[{\"url\":\"https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.