Details of VAR-200602-0272

ID

VAR-200602-0272

CVE

CVE-2006-0788

TITLE

Kyocera 3830 Printer Unauthorized Access Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2006-0960 // BID: 16685

DESCRIPTION

Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to to TCP port 9100 or (2) the UNIX lp command. Kyocera 3830 printer is prone to an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper authentication before granting access to printer functions. An attacker can exploit this issue to set arbitrary printer configuration settings. The impact of successful exploitation will vary depending on the settings reconfigured. TITLE: Kyocera FS-3830N Configuration Modification Security Issue SECUNIA ADVISORY ID: SA18896 VERIFY ADVISORY: http://secunia.com/advisories/18896/ CRITICAL: Less critical IMPACT: Manipulation of data, Exposure of system information WHERE: >From local network OPERATING SYSTEM: Kyocera FS-3830N http://secunia.com/product/8101/ DESCRIPTION: evader has reported a security issue in Kyocera FS-3830N Printer, which can be exploited by malicious people to gain knowledge of or potentially to modify certain system information. This may be exploited to disclose and modify the configured settings. Note: It has also been reported that other network-enabled Kyocera printers have a default username "admin" and blank password for the telnet configuration port. PROVIDED AND/OR DISCOVERED BY: evader ORIGINAL ADVISORY: http://evader.wordpress.com/2006/02/16/kyocera-printers/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.8

sources: NVD: CVE-2006-0788 // CNVD: CNVD-2006-0960 // BID: 16685 // PACKETSTORM: 43916

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2006-0960

AFFECTED PRODUCTS

vendor:	kyocera	model:	fs-3830n	scope:	eq	version:	*	Trust: 1.0
vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	kyocera	model:	fs-3830n	scope:	-	version:	-	Trust: 0.6
vendor:	kyocera	model:	fs-3830n printer	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2006-0960 // BID: 16685 // CNNVD: CNNVD-200602-299 // NVD: CVE-2006-0788

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-0788
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2006-0960
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-200602-299
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2006-0788
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2006-0960
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2006-0960 // CNNVD: CNNVD-200602-299 // NVD: CVE-2006-0788

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0788

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200602-299

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200602-299

EXTERNAL IDS

db:	BID	id:	16685	Trust: 2.5
db:	NVD	id:	CVE-2006-0788	Trust: 2.2
db:	SECUNIA	id:	18896	Trust: 1.7
db:	OSVDB	id:	23245	Trust: 1.6
db:	VUPEN	id:	ADV-2006-0620	Trust: 1.6
db:	CNVD	id:	CNVD-2006-0960	Trust: 0.6
db:	XF	id:	3830	Trust: 0.6
db:	XF	id:	24772	Trust: 0.6
db:	FULLDISC	id:	20060215 KYOCERA NETWORK PRINTERS	Trust: 0.6
db:	CNNVD	id:	CNNVD-200602-299	Trust: 0.6
db:	PACKETSTORM	id:	43916	Trust: 0.1

sources: CNVD: CNVD-2006-0960 // BID: 16685 // PACKETSTORM: 43916 // CNNVD: CNNVD-200602-299 // NVD: CVE-2006-0788

REFERENCES

url:	http://www.securityfocus.com/bid/16685	Trust: 2.2
url:	http://evader.wordpress.com/2006/02/16/kyocera-printers/	Trust: 2.0
url:	http://secunia.com/advisories/18896	Trust: 1.6
url:	http://www.osvdb.org/23245	Trust: 1.6
url:	http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0344.html	Trust: 1.6
url:	http://www.vupen.com/english/advisories/2006/0620	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/24772	Trust: 1.0
url:	http://www.frsirt.com/english/advisories/2006/0620	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/24772	Trust: 0.6
url:	http://www.kyoceramita-europe.com/html/view/products/viewproduct.asp?idproduct=705&idfeature=1	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/18896/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/8101/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2006-0960 // BID: 16685 // PACKETSTORM: 43916 // CNNVD: CNNVD-200602-299 // NVD: CVE-2006-0788

CREDITS

evader is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 16685 // CNNVD: CNNVD-200602-299

SOURCES

db:	CNVD	id:	CNVD-2006-0960
db:	BID	id:	16685
db:	PACKETSTORM	id:	43916
db:	CNNVD	id:	CNNVD-200602-299
db:	NVD	id:	CVE-2006-0788

LAST UPDATE DATE

2024-08-14T15:25:38.104000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2006-0960	date:	2006-02-19T00:00:00
db:	BID	id:	16685	date:	2006-02-17T01:02:00
db:	CNNVD	id:	CNNVD-200602-299	date:	2006-02-23T00:00:00
db:	NVD	id:	CVE-2006-0788	date:	2017-07-20T01:30:04.287

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2006-0960	date:	2006-02-19T00:00:00
db:	BID	id:	16685	date:	2006-02-16T00:00:00
db:	PACKETSTORM	id:	43916	date:	2006-02-16T21:45:30
db:	CNNVD	id:	CNNVD-200602-299	date:	2006-02-19T00:00:00
db:	NVD	id:	CVE-2006-0788	date:	2006-02-19T11:02:00