Details of VAR-202003-0801

ID

VAR-202003-0801

CVE

CVE-2019-13203

TITLE

plural Kyocera Integer overflow vulnerability in printer

Trust: 0.8

sources: JVNDB: JVNDB-2019-014968

DESCRIPTION

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. plural Kyocera The printer is vulnerable to integer overflow.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan

Trust: 2.16

sources: NVD: CVE-2019-13203 // JVNDB: JVNDB-2019-014968 // CNVD: CNVD-2020-20741

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-20741

AFFECTED PRODUCTS

vendor:	kyocera	model:	ecosys m5526cdw	scope:	eq	version:	2r7_2000.001.701	Trust: 1.8
vendor:	kyocera	model:	ecosys m5526cdw 2r7 2000.001.701	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-20741 // JVNDB: JVNDB-2019-014968 // NVD: CVE-2019-13203

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13203
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-014968
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-20741
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202003-885
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-13203
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-014968
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-20741
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-13203
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-014968
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-20741 // JVNDB: JVNDB-2019-014968 // CNNVD: CNNVD-202003-885 // NVD: CVE-2019-13203

PROBLEMTYPE DATA

problemtype:

CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2019-014968 // NVD: CVE-2019-13203

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-885

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202003-885

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014968

PATCH

title:	カラーA4複合機・コピー機：ECOSYS M5526cdw	url:	https://www.kyoceradocumentsolutions.co.jp/products/color-multifunction/ecosys-m5526cdw/	Trust: 0.8
title:	Patch for Kyocera ECOSYS M5526cdw integer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/212023	Trust: 0.6
title:	Kyocera ECOSYS M5526cdw Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112126	Trust: 0.6

sources: CNVD: CNVD-2020-20741 // JVNDB: JVNDB-2019-014968 // CNNVD: CNNVD-202003-885

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13203	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-014968	Trust: 0.8
db:	CNVD	id:	CNVD-2020-20741	Trust: 0.6
db:	CNNVD	id:	CNNVD-202003-885	Trust: 0.6

sources: CNVD: CNVD-2020-20741 // JVNDB: JVNDB-2019-014968 // CNNVD: CNNVD-202003-885 // NVD: CVE-2019-13203

REFERENCES

url:	https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13203	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13203	Trust: 0.8

sources: CNVD: CNVD-2020-20741 // JVNDB: JVNDB-2019-014968 // CNNVD: CNNVD-202003-885 // NVD: CVE-2019-13203

SOURCES

db:	CNVD	id:	CNVD-2020-20741
db:	JVNDB	id:	JVNDB-2019-014968
db:	CNNVD	id:	CNNVD-202003-885
db:	NVD	id:	CVE-2019-13203

LAST UPDATE DATE

2024-11-23T22:55:16.304000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-20741	date:	2020-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2019-014968	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-885	date:	2020-04-01T00:00:00
db:	NVD	id:	CVE-2019-13203	date:	2024-11-21T04:24:27.047

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-20741	date:	2020-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2019-014968	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-885	date:	2020-03-13T00:00:00
db:	NVD	id:	CVE-2019-13203	date:	2020-03-13T18:15:12.357