ID

VAR-202003-0798


CVE

CVE-2019-13200


TITLE

Kyocera ECOSYS M5526CDW cross-site scripting vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-20978 // CNNVD: CNNVD-202003-863

DESCRIPTION

The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. Multiple Kyocera printers contain a cross-site scripting vulnerability. Information may be obtained and tampered with. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan. This vulnerability stems from the lack of proper validation of client data by the web application. An attacker can use this vulnerability to execute client-side code.

Trust: 2.16

sources: NVD: CVE-2019-13200 // JVNDB: JVNDB-2019-014936 // CNVD: CNVD-2020-20978

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20978

AFFECTED PRODUCTS

vendor: kyocera, model: ecosys m5526cdw, scope: eq, version: 2r7_2000.001.701

Trust: 1.0

vendor: kyocera, model: ecosys m5526cdw, scope: -, version: -

Trust: 0.8

vendor: kyocera, model: ecosys m5526cdw 2r7 2000.001.701, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-20978 // JVNDB: JVNDB-2019-014936 // NVD: CVE-2019-13200

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13200
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-014936
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-20978
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-863
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-13200
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014936
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-20978
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-13200
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014936
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20978 // JVNDB: JVNDB-2019-014936 // CNNVD: CNNVD-202003-863 // NVD: CVE-2019-13200

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-014936 // NVD: CVE-2019-13200

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-863

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202003-863

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014936

PATCH

title: Color A4 multifunction printer / copier: ECOSYS M5526cdw, url: https://www.kyoceradocumentsolutions.co.jp/products/color-multifunction/ecosys-m5526cdw/

Trust: 0.8

title: Patch for Kyocera ECOSYS M5526CDW cross-site scripting vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/212071

Trust: 0.6

title: Kyocera ECOSYS M5526cdw Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112083

Trust: 0.6

sources: CNVD: CNVD-2020-20978 // JVNDB: JVNDB-2019-014936 // CNNVD: CNNVD-202003-863

EXTERNAL IDS

db: NVD, id: CVE-2019-13200

Trust: 3.0

db: JVNDB, id: JVNDB-2019-014936

Trust: 0.8

db: CNVD, id: CNVD-2020-20978

Trust: 0.6

db: CNNVD, id: CNNVD-202003-863

Trust: 0.6

sources: CNVD: CNVD-2020-20978 // JVNDB: JVNDB-2019-014936 // CNNVD: CNNVD-202003-863 // NVD: CVE-2019-13200

REFERENCES

url: https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2019-13200

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13200

Trust: 0.8

sources: CNVD: CNVD-2020-20978 // JVNDB: JVNDB-2019-014936 // CNNVD: CNNVD-202003-863 // NVD: CVE-2019-13200

SOURCES

db: CNVD, id: CNVD-2020-20978
db: JVNDB, id: JVNDB-2019-014936
db: CNNVD, id: CNNVD-202003-863
db: NVD, id: CVE-2019-13200

LAST UPDATE DATE

2024-11-23T22:33:34.058000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-20978, date: 2020-04-02T00:00:00
db: JVNDB, id: JVNDB-2019-014936, date: 2020-03-30T00:00:00
db: CNNVD, id: CNNVD-202003-863, date: 2020-03-19T00:00:00
db: NVD, id: CVE-2019-13200, date: 2024-11-21T04:24:26.600

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-20978, date: 2020-04-02T00:00:00
db: JVNDB, id: JVNDB-2019-014936, date: 2020-03-30T00:00:00
db: CNNVD, id: CNNVD-202003-863, date: 2020-03-13T00:00:00
db: NVD, id: CVE-2019-13200, date: 2020-03-13T19:15:16.477