exploitDog

CVE-2019-13199

Опубликовано: 13 мар. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.

Ссылки

https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/
Third Party Advisory
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:kyocera:ecosys_m5526cdw_firmware:2r7_2000.001.701:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ecosys_m5526cdw:-:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00024

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-2v63-98q8-j2pr

github

больше 3 лет назад

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.

EPSS

Процентиль: 6%

0.00024

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352