CVE-2022-41798

Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

CVSS v3.0 6.5 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.kyoceradocumentsolutions.co.jp/support/information/info_20221101.html	Mitigation Vendor Advisory
https://jvn.jp/en/jp/JVN46345126/index.html	Vendor Advisory
https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-11-01.html	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_7550ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_7550ci:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_6550ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_6550ci:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_5550ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_5550ci:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_4550ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_4550ci:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_3550ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_3550ci:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_3050ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_3050ci:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_255c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_255c:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_205c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_205c:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_256ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_256ci:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_206ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_206ci:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:kyocera:ecosys_m6526cdn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ecosys_m6526cdn:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:kyocera:ecosys_m6526cidn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ecosys_m6526cidn:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:kyocera:fs-c2126mfp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:fs-c2126mfp:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:kyocera:fs-c2126mfp\+_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:fs-c2126mfp\+:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:kyocera:fs-c2026mfp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:fs-c2026mfp:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_8000i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_8000i:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_6500i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_6500i:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_5500i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_5500i:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_4500i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_4500i:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_3500i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_3500i:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_305_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_305:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_255_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_255:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_306i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_306i:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:kyocera:taskalfa_256i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_256i:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:kyocera:ls-3140mfp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-3140mfp:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:kyocera:ls-3140mfp\+_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-3140mfp\+:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:kyocera:ls-3640mfp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-3640mfp:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:kyocera:ecosys_m2535dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ecosys_m2535dn:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:kyocera:ls-1135mfp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-1135mfp:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:kyocera:ls-1035mfp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-1035mfp:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:kyocera:ls-c8650dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-c8650dn:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:kyocera:ls-c8600dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-c8600dn:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:kyocera:ecosys_p6026cdn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ecosys_p6026cdn:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:kyocera:fs-c5250dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:fs-c5250dn:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:kyocera:ls-4300dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-4300dn:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:kyocera:ls-4200dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-4200dn:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:kyocera:ls-2100dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-2100dn:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:kyocera:ecosys_p4040dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ecosys_p4040dn:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:kyocera:ecosys_p2135dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ecosys_p2135dn:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:kyocera:fs-1370dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:fs-1370dn:-:*:*:*:*:*:*:*

Information

Published : 2022-12-04 20:15

Updated : 2022-12-06 08:42

NVD link : CVE-2022-41798

Mitre link : CVE-2022-41798

JSON object : View

CWE

CWE-290

Authentication Bypass by Spoofing

Products Affected

kyocera

taskalfa_3500i
taskalfa_256ci
ls-c8650dn
taskalfa_8000i
taskalfa_305
taskalfa_5550ci
fs-1370dn
taskalfa_6550ci_firmware
taskalfa_6500i
taskalfa_5500i
ls-c8600dn
fs-c5250dn_firmware
taskalfa_6550ci
taskalfa_6500i_firmware
taskalfa_3550ci_firmware
taskalfa_306i_firmware
fs-c5250dn
taskalfa_256ci_firmware
taskalfa_5500i_firmware
ls-4200dn
ls-c8650dn_firmware
taskalfa_8000i_firmware
ecosys_p2135dn_firmware
fs-c2126mfp\+
ecosys_m2535dn
ecosys_p4040dn
taskalfa_4500i
taskalfa_7550ci
fs-c2126mfp\+_firmware
taskalfa_3050ci_firmware
ls-c8600dn_firmware
taskalfa_7550ci_firmware
taskalfa_205c_firmware
ls-2100dn
ls-1135mfp_firmware
taskalfa_256i
ls-3640mfp
fs-c2026mfp
ls-1035mfp_firmware
ls-3140mfp\+_firmware
taskalfa_3050ci
ls-3140mfp_firmware
taskalfa_5550ci_firmware
fs-c2126mfp
fs-c2026mfp_firmware
ls-4200dn_firmware
ls-1135mfp
taskalfa_3500i_firmware
taskalfa_3550ci
taskalfa_255c_firmware
taskalfa_205c
taskalfa_255
ecosys_p6026cdn
taskalfa_4550ci_firmware
ecosys_m6526cdn
ecosys_m6526cidn
taskalfa_206ci_firmware
taskalfa_305_firmware
taskalfa_306i
ls-3140mfp
ls-1035mfp
ls-4300dn_firmware
taskalfa_4500i_firmware
ls-2100dn_firmware
ecosys_p6026cdn_firmware
fs-c2126mfp_firmware
ecosys_m6526cidn_firmware
taskalfa_206ci
ls-4300dn
taskalfa_255c
ls-3640mfp_firmware
ecosys_m2535dn_firmware
ecosys_p4040dn_firmware
fs-1370dn_firmware
taskalfa_256i_firmware
ecosys_p2135dn
taskalfa_4550ci
taskalfa_255_firmware
ecosys_m6526cdn_firmware
ls-3140mfp\+

6.5 /10