PT-2023-24784 · Kyocera · Kyocera Taskalfa 4053Ci

Gorazd Jank

Publicado

2023-11-02

Atualizado

2024-09-05

CVE-2023-34261

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Kyocera TASKalfa 4053ci printers through 2VG S000.002.561

Description The issue allows identification of valid user accounts via username enumeration. This occurs because the system returns a "nicht einloggen" error rather than a "falsch" error when an attempt is made to access an account.

Recommendations For Kyocera TASKalfa 4053ci printers through 2VG S000.002.561, consider restricting access to the login functionality to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2023-34261

Produtos afetados

Kyocera Taskalfa 4053Ci

PT-2023-24784 · Kyocera · Kyocera Taskalfa 4053Ci

CVE-2023-34261

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8