Details of VAR-202003-0803

ID

VAR-202003-0803

CVE

CVE-2019-13205

TITLE

Kyocera ECOSYS M5526CDW information disclosure vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-20743 // CNNVD: CNNVD-202003-903

DESCRIPTION

All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer. plural Kyocera Printers are vulnerable to information leakage.Information may be obtained. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan. An information disclosure vulnerability exists in Kyocera ECOSYS M5526CDW that uses the firmware version 2R7_2000.001.701

Trust: 2.16

sources: NVD: CVE-2019-13205 // JVNDB: JVNDB-2019-015082 // CNVD: CNVD-2020-20743

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-20743

AFFECTED PRODUCTS

vendor:	kyocera	model:	ecosys m5526cdw	scope:	eq	version:	2r7_2000.001.701	Trust: 1.8
vendor:	kyocera	model:	ecosys m5526cdw 2r7 2000.001.701	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-20743 // JVNDB: JVNDB-2019-015082 // NVD: CVE-2019-13205

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13205
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-015082
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-20743
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202003-903
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-13205
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-015082
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-20743
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-13205
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-015082
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-20743 // JVNDB: JVNDB-2019-015082 // CNNVD: CNNVD-202003-903 // NVD: CVE-2019-13205

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2019-015082 // NVD: CVE-2019-13205

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-903

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202003-903

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015082

PATCH

title:	カラーA4複合機・コピー機：ECOSYS M5526cdw	url:	https://www.kyoceradocumentsolutions.co.jp/products/color-multifunction/ecosys-m5526cdw/	Trust: 0.8
title:	Patch for Kyocera ECOSYS M5526CDW information disclosure vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/212021	Trust: 0.6
title:	Kyocera ECOSYS M5526CDW Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112164	Trust: 0.6

sources: CNVD: CNVD-2020-20743 // JVNDB: JVNDB-2019-015082 // CNNVD: CNNVD-202003-903

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13205	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-015082	Trust: 0.8
db:	CNVD	id:	CNVD-2020-20743	Trust: 0.6
db:	CNNVD	id:	CNNVD-202003-903	Trust: 0.6

sources: CNVD: CNVD-2020-20743 // JVNDB: JVNDB-2019-015082 // CNNVD: CNNVD-202003-903 // NVD: CVE-2019-13205

REFERENCES

url:	https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13205	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13205	Trust: 0.8

sources: CNVD: CNVD-2020-20743 // JVNDB: JVNDB-2019-015082 // CNNVD: CNNVD-202003-903 // NVD: CVE-2019-13205

SOURCES

db:	CNVD	id:	CNVD-2020-20743
db:	JVNDB	id:	JVNDB-2019-015082
db:	CNNVD	id:	CNNVD-202003-903
db:	NVD	id:	CVE-2019-13205

LAST UPDATE DATE

2024-11-23T21:36:02.891000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-20743	date:	2020-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2019-015082	date:	2020-04-03T00:00:00
db:	CNNVD	id:	CNNVD-202003-903	date:	2020-04-01T00:00:00
db:	NVD	id:	CVE-2019-13205	date:	2024-11-21T04:24:27.333

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-20743	date:	2020-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2019-015082	date:	2020-04-03T00:00:00
db:	CNNVD	id:	CNNVD-202003-903	date:	2020-03-13T00:00:00
db:	NVD	id:	CVE-2019-13205	date:	2020-03-13T18:15:12.483