VAR-200602-0337
Vulnerability from variot - Updated: 2023-12-18 13:49Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session. Kyocera The printer contains a vulnerability that allows access to the administration menu.A third party may access the administration menu. Fs-3830N is prone to a remote security vulnerability.
TITLE: Kyocera FS-3830N Configuration Modification Security Issue
SECUNIA ADVISORY ID: SA18896
VERIFY ADVISORY: http://secunia.com/advisories/18896/
CRITICAL: Less critical
IMPACT: Manipulation of data, Exposure of system information
WHERE:
From local network
OPERATING SYSTEM: Kyocera FS-3830N http://secunia.com/product/8101/
DESCRIPTION: evader has reported a security issue in Kyocera FS-3830N Printer, which can be exploited by malicious people to gain knowledge of or potentially to modify certain system information.
The security issue is caused due to the printer allowing access to certain configuration settings without requiring prior authentication via a request sent to port 9100/tcp. This may be exploited to disclose and modify the configured settings.
SOLUTION: Restrict access to the printer.
PROVIDED AND/OR DISCOVERED BY: evader
ORIGINAL ADVISORY: http://evader.wordpress.com/2006/02/16/kyocera-printers/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200602-0337",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fs-3830n",
"scope": null,
"trust": 1.4,
"vendor": "kyocera",
"version": null
},
{
"model": "fs-3830n",
"scope": "eq",
"trust": 1.0,
"vendor": "kyocera",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "fs-3830n",
"scope": "eq",
"trust": 0.3,
"vendor": "kyocera",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0958"
},
{
"db": "BID",
"id": "88134"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003883"
},
{
"db": "NVD",
"id": "CVE-2006-0789"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-301"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:kyocera:fs-3830n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0789"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "88134"
}
],
"trust": 0.3
},
"cve": "CVE-2006-0789",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2006-0789",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2006-0958",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-0789",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2006-0958",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200602-301",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0958"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003883"
},
{
"db": "NVD",
"id": "CVE-2006-0789"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-301"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain unspecified Kyocera printers have a default \"admin\" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session. Kyocera The printer contains a vulnerability that allows access to the administration menu.A third party may access the administration menu. Fs-3830N is prone to a remote security vulnerability. \n\nTITLE:\nKyocera FS-3830N Configuration Modification Security Issue\n\nSECUNIA ADVISORY ID:\nSA18896\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18896/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nManipulation of data, Exposure of system information\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nKyocera FS-3830N\nhttp://secunia.com/product/8101/\n\nDESCRIPTION:\nevader has reported a security issue in Kyocera FS-3830N Printer,\nwhich can be exploited by malicious people to gain knowledge of or\npotentially to modify certain system information. \n\nThe security issue is caused due to the printer allowing access to\ncertain configuration settings without requiring prior authentication\nvia a request sent to port 9100/tcp. This may be exploited to disclose\nand modify the configured settings. \n\nSOLUTION:\nRestrict access to the printer. \n\nPROVIDED AND/OR DISCOVERED BY:\nevader\n\nORIGINAL ADVISORY:\nhttp://evader.wordpress.com/2006/02/16/kyocera-printers/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0789"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003883"
},
{
"db": "CNVD",
"id": "CNVD-2006-0958"
},
{
"db": "BID",
"id": "88134"
},
{
"db": "PACKETSTORM",
"id": "43916"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-0789",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "18896",
"trust": 2.3
},
{
"db": "VUPEN",
"id": "ADV-2006-0620",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "23246",
"trust": 1.6
},
{
"db": "XF",
"id": "24774",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003883",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2006-0958",
"trust": 0.6
},
{
"db": "XF",
"id": "3830",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20060215 KYOCERA NETWORK PRINTERS",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200602-301",
"trust": 0.6
},
{
"db": "BID",
"id": "88134",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "43916",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0958"
},
{
"db": "BID",
"id": "88134"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003883"
},
{
"db": "PACKETSTORM",
"id": "43916"
},
{
"db": "NVD",
"id": "CVE-2006-0789"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-301"
}
]
},
"id": "VAR-200602-0337",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0958"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0958"
}
]
},
"last_update_date": "2023-12-18T13:49:53.184000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0789"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://secunia.com/advisories/18896"
},
{
"trust": 2.0,
"url": "http://evader.wordpress.com/2006/02/16/kyocera-printers/"
},
{
"trust": 1.9,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0344.html"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/23246"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/0620"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24774"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/24774"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0789"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-0789"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0620"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18896/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8101/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0958"
},
{
"db": "BID",
"id": "88134"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003883"
},
{
"db": "PACKETSTORM",
"id": "43916"
},
{
"db": "NVD",
"id": "CVE-2006-0789"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-301"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2006-0958"
},
{
"db": "BID",
"id": "88134"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003883"
},
{
"db": "PACKETSTORM",
"id": "43916"
},
{
"db": "NVD",
"id": "CVE-2006-0789"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-301"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-02-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-0958"
},
{
"date": "2006-02-19T00:00:00",
"db": "BID",
"id": "88134"
},
{
"date": "2014-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003883"
},
{
"date": "2006-02-16T21:45:30",
"db": "PACKETSTORM",
"id": "43916"
},
{
"date": "2006-02-19T11:02:00",
"db": "NVD",
"id": "CVE-2006-0789"
},
{
"date": "2006-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200602-301"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-02-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-0958"
},
{
"date": "2006-02-19T00:00:00",
"db": "BID",
"id": "88134"
},
{
"date": "2014-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003883"
},
{
"date": "2017-07-20T01:30:04.347000",
"db": "NVD",
"id": "CVE-2006-0789"
},
{
"date": "2006-02-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200602-301"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200602-301"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kyocera Vulnerability to access management menu in printer",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003883"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200602-301"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…