ID

VAR-202003-0796


CVE

CVE-2019-13198


TITLE

Cross-site scripting vulnerabilities in multiple Kyocera printers

Trust: 0.8

sources: JVNDB: JVNDB-2019-015071

DESCRIPTION

The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. A cross-site scripting vulnerability exists in multiple Kyocera printers. Information may be obtained and tampered with. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan. This vulnerability stems from the lack of proper verification of client data by the web application. An attacker can use this vulnerability to execute client code.

Trust: 2.16

sources: NVD: CVE-2019-13198 // JVNDB: JVNDB-2019-015071 // CNVD: CNVD-2020-20976

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20976

AFFECTED PRODUCTS

vendor: kyocera, model: ecosys m5526cdw, scope: eq, version: 2r7_2000.001.701

Trust: 1.8

vendor: kyocera, model: ecosys m5526cdw 2r7 2000.001.701, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-20976 // JVNDB: JVNDB-2019-015071 // NVD: CVE-2019-13198

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13198
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015071
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-20976
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-859
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-13198
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015071
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-20976
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-13198
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015071
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20976 // JVNDB: JVNDB-2019-015071 // CNNVD: CNNVD-202003-859 // NVD: CVE-2019-13198

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-015071 // NVD: CVE-2019-13198

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-859

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202003-859

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015071

PATCH

title: Color A4 multifunction printer/copier: ECOSYS M5526cdw
url: https://www.kyoceradocumentsolutions.co.jp/products/color-multifunction/ecosys-m5526cdw/

Trust: 0.8

title: Patch for Kyocera ECOSYS M5526cdw cross-site scripting vulnerability (CNVD-2020-20976)
url: https://www.cnvd.org.cn/patchInfo/show/212077

Trust: 0.6

title: Kyocera ECOSYS M5526cdw Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112079

Trust: 0.6

sources: CNVD: CNVD-2020-20976 // JVNDB: JVNDB-2019-015071 // CNNVD: CNNVD-202003-859

EXTERNAL IDS

db: NVD, id: CVE-2019-13198

Trust: 3.0

db: JVNDB, id: JVNDB-2019-015071

Trust: 0.8

db: CNVD, id: CNVD-2020-20976

Trust: 0.6

db: CNNVD, id: CNNVD-202003-859

Trust: 0.6

sources: CNVD: CNVD-2020-20976 // JVNDB: JVNDB-2019-015071 // CNNVD: CNNVD-202003-859 // NVD: CVE-2019-13198

REFERENCES

url: https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2019-13198

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13198

Trust: 0.8

sources: CNVD: CNVD-2020-20976 // JVNDB: JVNDB-2019-015071 // CNNVD: CNNVD-202003-859 // NVD: CVE-2019-13198

SOURCES

db: CNVD, id: CNVD-2020-20976
db: JVNDB, id: JVNDB-2019-015071
db: CNNVD, id: CNNVD-202003-859
db: NVD, id: CVE-2019-13198

LAST UPDATE DATE

2024-11-23T21:59:27.687000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-20976, date: 2020-04-02T00:00:00
db: JVNDB, id: JVNDB-2019-015071, date: 2020-04-02T00:00:00
db: CNNVD, id: CNNVD-202003-859, date: 2020-03-20T00:00:00
db: NVD, id: CVE-2019-13198, date: 2024-11-21T04:24:26.263

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-20976, date: 2020-04-02T00:00:00
db: JVNDB, id: JVNDB-2019-015071, date: 2020-04-02T00:00:00
db: CNNVD, id: CNNVD-202003-859, date: 2020-03-13T00:00:00
db: NVD, id: CVE-2019-13198, date: 2020-03-13T19:15:16.337