Sign-up

ID

VAR-200602-0337


CVE

CVE-2006-0789


TITLE

Kyocera Vulnerability to access management menu in printer

Trust: 0.8

sources: JVNDB: JVNDB-2006-003883

DESCRIPTION

Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session. Kyocera The printer contains a vulnerability that allows access to the administration menu.A third party may access the administration menu. Fs-3830N is prone to a remote security vulnerability. TITLE: Kyocera FS-3830N Configuration Modification Security Issue SECUNIA ADVISORY ID: SA18896 VERIFY ADVISORY: http://secunia.com/advisories/18896/ CRITICAL: Less critical IMPACT: Manipulation of data, Exposure of system information WHERE: >From local network OPERATING SYSTEM: Kyocera FS-3830N http://secunia.com/product/8101/ DESCRIPTION: evader has reported a security issue in Kyocera FS-3830N Printer, which can be exploited by malicious people to gain knowledge of or potentially to modify certain system information. The security issue is caused due to the printer allowing access to certain configuration settings without requiring prior authentication via a request sent to port 9100/tcp. This may be exploited to disclose and modify the configured settings. SOLUTION: Restrict access to the printer. PROVIDED AND/OR DISCOVERED BY: evader ORIGINAL ADVISORY: http://evader.wordpress.com/2006/02/16/kyocera-printers/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2006-0789 // JVNDB: JVNDB-2006-003883 // CNVD: CNVD-2006-0958 // BID: 88134 // PACKETSTORM: 43916

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-0958

AFFECTED PRODUCTS

vendor:kyoceramodel:fs-3830nscope: - version: -

Trust: 1.4

vendor:kyoceramodel:fs-3830nscope:eqversion:*

Trust: 1.0

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:kyoceramodel:fs-3830nscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2006-0958 // BID: 88134 // JVNDB: JVNDB-2006-003883 // CNNVD: CNNVD-200602-301 // NVD: CVE-2006-0789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0789
value: HIGH

Trust: 1.0

NVD: CVE-2006-0789
value: HIGH

Trust: 0.8

CNVD: CNVD-2006-0958
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200602-301
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2006-0789
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2006-0958
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2006-0958 // JVNDB: JVNDB-2006-003883 // CNNVD: CNNVD-200602-301 // NVD: CVE-2006-0789

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0789

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200602-301

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200602-301

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-003883

EXTERNAL IDS
db:NVDid:CVE-2006-0789
Trust: 3.3
db:SECUNIAid:18896
Trust: 2.3
db:VUPENid:ADV-2006-0620
Trust: 1.6
db:OSVDBid:23246
Trust: 1.6
db:XFid:24774
Trust: 0.9
db:JVNDBid:JVNDB-2006-003883
Trust: 0.8
db:CNVDid:CNVD-2006-0958
Trust: 0.6
db:XFid:3830
Trust: 0.6
db:FULLDISCid:20060215 KYOCERA NETWORK PRINTERS
Trust: 0.6
db:CNNVDid:CNNVD-200602-301
Trust: 0.6
db:BIDid:88134
Trust: 0.3
db:PACKETSTORMid:43916
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2006-0958 // 
            
            
            
            BID: 88134 // 
            
            
            
            JVNDB: JVNDB-2006-003883 // 
            
            
            
            PACKETSTORM: 43916 // 
            
            
            
            CNNVD: CNNVD-200602-301 // 
            
            
            
            NVD: CVE-2006-0789

REFERENCES
url:http://secunia.com/advisories/18896
Trust: 2.2
url:http://evader.wordpress.com/2006/02/16/kyocera-printers/
Trust: 2.0
url:http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0344.html
Trust: 1.9
url:http://www.osvdb.org/23246
Trust: 1.6
url:http://www.vupen.com/english/advisories/2006/0620
Trust: 1.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24774
Trust: 1.0
url:http://xforce.iss.net/xforce/xfdb/24774
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0789
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-0789
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2006/0620
Trust: 0.6
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/18896/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/8101/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2006-0958 // 
            
            
            
            BID: 88134 // 
            
            
            
            JVNDB: JVNDB-2006-003883 // 
            
            
            
            PACKETSTORM: 43916 // 
            
            
            
            CNNVD: CNNVD-200602-301 // 
            
            
            
            NVD: CVE-2006-0789

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 88134

SOURCES
db:CNVDid:CNVD-2006-0958
db:BIDid:88134
db:JVNDBid:JVNDB-2006-003883
db:PACKETSTORMid:43916
db:CNNVDid:CNNVD-200602-301
db:NVDid:CVE-2006-0789

LAST UPDATE DATE
2024-08-14T15:25:38.063000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2006-0958date:2006-02-19T00:00:00
db:BIDid:88134date:2006-02-19T00:00:00
db:JVNDBid:JVNDB-2006-003883date:2014-03-11T00:00:00
db:CNNVDid:CNNVD-200602-301date:2006-02-23T00:00:00
db:NVDid:CVE-2006-0789date:2017-07-20T01:30:04.347

SOURCES RELEASE DATE
db:CNVDid:CNVD-2006-0958date:2006-02-19T00:00:00
db:BIDid:88134date:2006-02-19T00:00:00
db:JVNDBid:JVNDB-2006-003883date:2014-03-11T00:00:00
db:PACKETSTORMid:43916date:2006-02-16T21:45:30
db:CNNVDid:CNNVD-200602-301date:2006-02-19T00:00:00
db:NVDid:CVE-2006-0789date:2006-02-19T11:02:00