ID

VAR-202204-1591


CVE

CVE-2022-25344


TITLE

Kyocera d-COLOR MF3555 Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-61445 // CNNVD: CNNVD-202204-3893

DESCRIPTION

An XSS issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application doesn't properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving them on the server. In addition, the malicious JavaScript content is then reflected back to the end user and executed by the web browser. The Olivetti d-COLOR MF3555 firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Kyocera d-COLOR MF3555 is a color multifunction printer from Kyocera Corporation of Japan. An attacker can exploit this vulnerability to execute JavaScript code through the arg01.Hostname field in a /dvcset/sysset/set.cgi POST request.

Trust: 2.25

sources: NVD: CVE-2022-25344 // JVNDB: JVNDB-2022-008679 // CNVD: CNVD-2022-61445 // VULMON: CVE-2022-25344

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-61445

AFFECTED PRODUCTS

vendor: olivetti, model: d-color mf3555, scope: eq, version: 2xd_s000.002.271

Trust: 1.0

vendor: olivetti, model: d-color mf3555, scope: eq, version: d-color mf3555 firmware 2xd s000.002.271

Trust: 0.8

vendor: olivetti, model: d-color mf3555, scope: eq, version: -

Trust: 0.8

vendor: olivetti, model: d-color mf3555, scope: -, version: -

Trust: 0.8

vendor: kyocera, model: d-color mf3555 2xd s000.002.271, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-61445 // JVNDB: JVNDB-2022-008679 // NVD: CVE-2022-25344

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-25344
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-25344
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-61445
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202204-3893
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-25344
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-25344
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-61445
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-25344
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2022-25344
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-61445 // VULMON: CVE-2022-25344 // JVNDB: JVNDB-2022-008679 // CNNVD: CNNVD-202204-3893 // NVD: CVE-2022-25344

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008679 // NVD: CVE-2022-25344

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3893

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202204-3893

EXTERNAL IDS

db: NVD, id: CVE-2022-25344

Trust: 3.9

db: JVNDB, id: JVNDB-2022-008679

Trust: 0.8

db: CNVD, id: CNVD-2022-61445

Trust: 0.6

db: CNNVD, id: CNNVD-202204-3893

Trust: 0.6

db: VULMON, id: CVE-2022-25344

Trust: 0.1

sources: CNVD: CNVD-2022-61445 // VULMON: CVE-2022-25344 // JVNDB: JVNDB-2022-008679 // CNNVD: CNNVD-202204-3893 // NVD: CVE-2022-25344

REFERENCES

url:https://www.gruppotim.it/it/footer/red-team.html

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-25344

Trust: 1.4

url:https://kyocera.com

Trust: 0.7

url:https://cxsecurity.com/cveshow/cve-2022-25344/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-61445 // VULMON: CVE-2022-25344 // JVNDB: JVNDB-2022-008679 // CNNVD: CNNVD-202204-3893 // NVD: CVE-2022-25344

SOURCES

db: CNVD, id: CNVD-2022-61445
db: VULMON, id: CVE-2022-25344
db: JVNDB, id: JVNDB-2022-008679
db: CNNVD, id: CNNVD-202204-3893
db: NVD, id: CVE-2022-25344

LAST UPDATE DATE

2024-08-14T15:27:18.723000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-61445, date: 2022-09-02T00:00:00
db: VULMON, id: CVE-2022-25344, date: 2022-04-28T00:00:00
db: JVNDB, id: JVNDB-2022-008679, date: 2023-07-28T08:05:00
db: CNNVD, id: CNNVD-202204-3893, date: 2022-07-01T00:00:00
db: NVD, id: CVE-2022-25344, date: 2022-05-12T20:06:58.393

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-61445, date: 2022-09-02T00:00:00
db: VULMON, id: CVE-2022-25344, date: 2022-04-20T00:00:00
db: JVNDB, id: JVNDB-2022-008679, date: 2023-07-28T00:00:00
db: CNNVD, id: CNNVD-202204-3893, date: 2022-04-20T00:00:00
db: NVD, id: CVE-2022-25344, date: 2022-04-20T13:15:07.683