ID

VAR-200602-0337


CVE

CVE-2006-0789


TITLE

Kyocera Vulnerability to access management menu in printer

Trust: 0.8

sources: JVNDB: JVNDB-2006-003883

DESCRIPTION

Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session. Kyocera The printer contains a vulnerability that allows access to the administration menu.A third party may access the administration menu. Fs-3830N is prone to a remote security vulnerability. TITLE: Kyocera FS-3830N Configuration Modification Security Issue SECUNIA ADVISORY ID: SA18896 VERIFY ADVISORY: http://secunia.com/advisories/18896/ CRITICAL: Less critical IMPACT: Manipulation of data, Exposure of system information WHERE: >From local network OPERATING SYSTEM: Kyocera FS-3830N http://secunia.com/product/8101/ DESCRIPTION: evader has reported a security issue in Kyocera FS-3830N Printer, which can be exploited by malicious people to gain knowledge of or potentially to modify certain system information. The security issue is caused due to the printer allowing access to certain configuration settings without requiring prior authentication via a request sent to port 9100/tcp. This may be exploited to disclose and modify the configured settings. SOLUTION: Restrict access to the printer. PROVIDED AND/OR DISCOVERED BY: evader ORIGINAL ADVISORY: http://evader.wordpress.com/2006/02/16/kyocera-printers/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2006-0789 // JVNDB: JVNDB-2006-003883 // CNVD: CNVD-2006-0958 // BID: 88134 // PACKETSTORM: 43916

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-0958

AFFECTED PRODUCTS

vendor:kyoceramodel:fs-3830nscope: - version: -

Trust: 1.4

vendor:kyoceramodel:fs-3830nscope:eqversion:*

Trust: 1.0

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:kyoceramodel:fs-3830nscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2006-0958 // BID: 88134 // JVNDB: JVNDB-2006-003883 // CNNVD: CNNVD-200602-301 // NVD: CVE-2006-0789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0789
value: HIGH

Trust: 1.0

NVD: CVE-2006-0789
value: HIGH

Trust: 0.8

CNVD: CNVD-2006-0958
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200602-301
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2006-0789
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2006-0958
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2006-0958 // JVNDB: JVNDB-2006-003883 // CNNVD: CNNVD-200602-301 // NVD: CVE-2006-0789

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0789

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200602-301

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200602-301

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-003883

EXTERNAL IDS

db:NVDid:CVE-2006-0789

Trust: 3.3

db:SECUNIAid:18896

Trust: 2.3

db:VUPENid:ADV-2006-0620

Trust: 1.6

db:OSVDBid:23246

Trust: 1.6

db:XFid:24774

Trust: 0.9

db:JVNDBid:JVNDB-2006-003883

Trust: 0.8

db:CNVDid:CNVD-2006-0958

Trust: 0.6

db:XFid:3830

Trust: 0.6

db:FULLDISCid:20060215 KYOCERA NETWORK PRINTERS

Trust: 0.6

db:CNNVDid:CNNVD-200602-301

Trust: 0.6

db:BIDid:88134

Trust: 0.3

db:PACKETSTORMid:43916

Trust: 0.1

sources: CNVD: CNVD-2006-0958 // BID: 88134 // JVNDB: JVNDB-2006-003883 // PACKETSTORM: 43916 // CNNVD: CNNVD-200602-301 // NVD: CVE-2006-0789

REFERENCES

url:http://secunia.com/advisories/18896

Trust: 2.2

url:http://evader.wordpress.com/2006/02/16/kyocera-printers/

Trust: 2.0

url:http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0344.html

Trust: 1.9

url:http://www.osvdb.org/23246

Trust: 1.6

url:http://www.vupen.com/english/advisories/2006/0620

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24774

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/24774

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0789

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-0789

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/0620

Trust: 0.6

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/18896/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/8101/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2006-0958 // BID: 88134 // JVNDB: JVNDB-2006-003883 // PACKETSTORM: 43916 // CNNVD: CNNVD-200602-301 // NVD: CVE-2006-0789

CREDITS

Unknown

Trust: 0.3

sources: BID: 88134

SOURCES

db:CNVDid:CNVD-2006-0958
db:BIDid:88134
db:JVNDBid:JVNDB-2006-003883
db:PACKETSTORMid:43916
db:CNNVDid:CNNVD-200602-301
db:NVDid:CVE-2006-0789

LAST UPDATE DATE

2024-11-23T22:04:23.260000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2006-0958date:2006-02-19T00:00:00
db:BIDid:88134date:2006-02-19T00:00:00
db:JVNDBid:JVNDB-2006-003883date:2014-03-11T00:00:00
db:CNNVDid:CNNVD-200602-301date:2006-02-23T00:00:00
db:NVDid:CVE-2006-0789date:2024-11-21T00:07:20.657

SOURCES RELEASE DATE

db:CNVDid:CNVD-2006-0958date:2006-02-19T00:00:00
db:BIDid:88134date:2006-02-19T00:00:00
db:JVNDBid:JVNDB-2006-003883date:2014-03-11T00:00:00
db:PACKETSTORMid:43916date:2006-02-16T21:45:30
db:CNNVDid:CNNVD-200602-301date:2006-02-19T00:00:00
db:NVDid:CVE-2006-0789date:2006-02-19T11:02:00