ID

VAR-200602-0272


CVE

CVE-2006-0788


TITLE

Kyocera 3830 Printer Unauthorized Access Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2006-0960 // BID: 16685

DESCRIPTION

Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to to TCP port 9100 or (2) the UNIX lp command. Kyocera 3830 printer is prone to an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper authentication before granting access to printer functions. An attacker can exploit this issue to set arbitrary printer configuration settings. The impact of successful exploitation will vary depending on the settings reconfigured. TITLE: Kyocera FS-3830N Configuration Modification Security Issue SECUNIA ADVISORY ID: SA18896 VERIFY ADVISORY: http://secunia.com/advisories/18896/ CRITICAL: Less critical IMPACT: Manipulation of data, Exposure of system information WHERE: >From local network OPERATING SYSTEM: Kyocera FS-3830N http://secunia.com/product/8101/ DESCRIPTION: evader has reported a security issue in Kyocera FS-3830N Printer, which can be exploited by malicious people to gain knowledge of or potentially to modify certain system information. This may be exploited to disclose and modify the configured settings. Note: It has also been reported that other network-enabled Kyocera printers have a default username "admin" and blank password for the telnet configuration port. PROVIDED AND/OR DISCOVERED BY: evader ORIGINAL ADVISORY: http://evader.wordpress.com/2006/02/16/kyocera-printers/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.8

sources: NVD: CVE-2006-0788 // CNVD: CNVD-2006-0960 // BID: 16685 // PACKETSTORM: 43916

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-0960

AFFECTED PRODUCTS

vendor:kyoceramodel:fs-3830nscope:eqversion:*

Trust: 1.0

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:kyoceramodel:fs-3830nscope: - version: -

Trust: 0.6

vendor:kyoceramodel:fs-3830n printerscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2006-0960 // BID: 16685 // CNNVD: CNNVD-200602-299 // NVD: CVE-2006-0788

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0788
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2006-0960
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-200602-299
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2006-0788
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2006-0960
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2006-0960 // CNNVD: CNNVD-200602-299 // NVD: CVE-2006-0788

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0788

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200602-299

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200602-299

EXTERNAL IDS

db:BIDid:16685

Trust: 2.5

db:NVDid:CVE-2006-0788

Trust: 2.2

db:SECUNIAid:18896

Trust: 1.7

db:OSVDBid:23245

Trust: 1.6

db:VUPENid:ADV-2006-0620

Trust: 1.6

db:CNVDid:CNVD-2006-0960

Trust: 0.6

db:XFid:3830

Trust: 0.6

db:XFid:24772

Trust: 0.6

db:FULLDISCid:20060215 KYOCERA NETWORK PRINTERS

Trust: 0.6

db:CNNVDid:CNNVD-200602-299

Trust: 0.6

db:PACKETSTORMid:43916

Trust: 0.1

sources: CNVD: CNVD-2006-0960 // BID: 16685 // PACKETSTORM: 43916 // CNNVD: CNNVD-200602-299 // NVD: CVE-2006-0788

REFERENCES

url:http://www.securityfocus.com/bid/16685

Trust: 2.2

url:http://evader.wordpress.com/2006/02/16/kyocera-printers/

Trust: 2.0

url:http://secunia.com/advisories/18896

Trust: 1.6

url:http://www.osvdb.org/23245

Trust: 1.6

url:http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0344.html

Trust: 1.6

url:http://www.vupen.com/english/advisories/2006/0620

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24772

Trust: 1.0

url:http://www.frsirt.com/english/advisories/2006/0620

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/24772

Trust: 0.6

url:http://www.kyoceramita-europe.com/html/view/products/viewproduct.asp?idproduct=705&idfeature=1

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/18896/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/8101/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2006-0960 // BID: 16685 // PACKETSTORM: 43916 // CNNVD: CNNVD-200602-299 // NVD: CVE-2006-0788

CREDITS

evader is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 16685 // CNNVD: CNNVD-200602-299

SOURCES

db:CNVDid:CNVD-2006-0960
db:BIDid:16685
db:PACKETSTORMid:43916
db:CNNVDid:CNNVD-200602-299
db:NVDid:CVE-2006-0788

LAST UPDATE DATE

2024-11-23T22:04:23.294000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2006-0960date:2006-02-19T00:00:00
db:BIDid:16685date:2006-02-17T01:02:00
db:CNNVDid:CNNVD-200602-299date:2006-02-23T00:00:00
db:NVDid:CVE-2006-0788date:2024-11-21T00:07:20.523

SOURCES RELEASE DATE

db:CNVDid:CNVD-2006-0960date:2006-02-19T00:00:00
db:BIDid:16685date:2006-02-16T00:00:00
db:PACKETSTORMid:43916date:2006-02-16T21:45:30
db:CNNVDid:CNNVD-200602-299date:2006-02-19T00:00:00
db:NVDid:CVE-2006-0788date:2006-02-19T11:02:00