Sign-up

ID

VAR-201905-0791


CVE

CVE-2018-16656


TITLE

Kyocera TASKalfa 4002i and 6002i Information disclosure vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-015439

DESCRIPTION

DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devices allows remote attackers to read the documents of arbitrary users via a modified HTTP request. Kyocera TASKalfa 4002i and 6002i The device contains an information disclosure vulnerability.Information may be obtained. Kyocera TASKalfa 4002i and Kyocera TASKalfa 6002i are both a multi-function printer from Kyocera Corporation of Japan. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components

Trust: 1.71

sources: NVD: CVE-2018-16656 // JVNDB: JVNDB-2018-015439 // VULHUB: VHN-127037

AFFECTED PRODUCTS

vendor:kyoceramodel:taskalfa 6002iscope:eqversion: -

Trust: 1.0

vendor:kyoceramodel:taskalfa 4002iscope:eqversion: -

Trust: 1.0

vendor:kyoceramodel:taskalfa 4002iscope: - version: -

Trust: 0.8

vendor:kyoceramodel:taskalfa 6002iscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-015439 // NVD: CVE-2018-16656

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16656
value: HIGH

Trust: 1.0

NVD: CVE-2018-16656
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-596
value: HIGH

Trust: 0.6

VULHUB: VHN-127037
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-16656
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-127037
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16656
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-127037 // JVNDB: JVNDB-2018-015439 // CNNVD: CNNVD-201905-596 // NVD: CVE-2018-16656

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-127037 // JVNDB: JVNDB-2018-015439 // NVD: CVE-2018-16656

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-596

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201905-596

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015439

PATCH
title:モノクロ複合機・コピー機:TASKalfa 6002i/5002i/4002iurl:https://www.kyoceradocumentsolutions.co.jp/products/black-and-white-multifunction/taskalfa-6002i-5002i-4002i/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-015439

EXTERNAL IDS
db:NVDid:CVE-2018-16656
Trust: 2.5
db:JVNDBid:JVNDB-2018-015439
Trust: 0.8
db:CNNVDid:CNNVD-201905-596
Trust: 0.7
db:VULHUBid:VHN-127037
Trust: 0.1
sources:
            
            
            VULHUB: VHN-127037 // 
            
            
            
            JVNDB: JVNDB-2018-015439 // 
            
            
            
            CNNVD: CNNVD-201905-596 // 
            
            
            
            NVD: CVE-2018-16656

REFERENCES
url:https://mars-cheng.github.io/blog/2019/cve-2018-16656
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-16656
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16656
Trust: 0.8
sources:
            
            
            VULHUB: VHN-127037 // 
            
            
            
            JVNDB: JVNDB-2018-015439 // 
            
            
            
            CNNVD: CNNVD-201905-596 // 
            
            
            
            NVD: CVE-2018-16656

SOURCES
db:VULHUBid:VHN-127037
db:JVNDBid:JVNDB-2018-015439
db:CNNVDid:CNNVD-201905-596
db:NVDid:CVE-2018-16656

LAST UPDATE DATE
2024-11-23T21:59:56.841000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-127037date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2018-015439date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-596date:2019-05-22T00:00:00
db:NVDid:CVE-2018-16656date:2024-11-21T03:53:09.217

SOURCES RELEASE DATE
db:VULHUBid:VHN-127037date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2018-015439date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-596date:2019-05-14T00:00:00
db:NVDid:CVE-2018-16656date:2019-05-14T20:29:01.293