CVE-2022-41798

CVSS V2 None CVSS V3 None

Description

Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

Overview

CVE ID
CVE-2022-41798

Assigner
vultures@jpcert.or.jp

Vulnerability Status
Analyzed

Published Version
2022-12-05T04:15:09

Last Modified Date
2022-12-06T16:42:25

Weakness Enumerations

CWE	URL
CWE-290	http://cwe.mitre.org/data/definitions/290.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
		AND
cpe:2.3:o:kyocera:taskalfa_7550ci_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_7550ci:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_6550ci_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_6550ci:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_5550ci_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_5550ci:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_4550ci_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_4550ci:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_3550ci_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_3550ci:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_3050ci_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_3050ci:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_255c_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_255c:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_205c_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_205c:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_256ci_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_256ci:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_206ci_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_206ci:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ecosys_m6526cdn_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ecosys_m6526cdn:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ecosys_m6526cidn_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ecosys_m6526cidn:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:fs-c2126mfp_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:fs-c2126mfp:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:fs-c2126mfp\+_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:fs-c2126mfp\+:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:fs-c2026mfp_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:fs-c2026mfp:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_8000i_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_8000i:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_6500i_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_6500i:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_5500i_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_5500i:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_4500i_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_4500i:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_3500i_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_3500i:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_305_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_305:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_255_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_255:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_306i_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_306i:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:taskalfa_256i_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:taskalfa_256i:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ls-3140mfp_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ls-3140mfp:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ls-3140mfp\+_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ls-3140mfp\+:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ls-3640mfp_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ls-3640mfp:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ecosys_m2535dn_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ecosys_m2535dn:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ls-1135mfp_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ls-1135mfp:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ls-1035mfp_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ls-1035mfp:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ls-c8650dn_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ls-c8650dn:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ls-c8600dn_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ls-c8600dn:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ecosys_p6026cdn_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ecosys_p6026cdn:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:fs-c5250dn_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:fs-c5250dn:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ls-4300dn_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ls-4300dn:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ls-4200dn_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ls-4200dn:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ls-2100dn_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ls-2100dn:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ecosys_p4040dn_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ecosys_p4040dn:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:ecosys_p2135dn_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:ecosys_p2135dn:-:::::::*	0	OR
		AND
cpe:2.3:o:kyocera:fs-1370dn_firmware:-:::::::*	1	OR
cpe:2.3:h:kyocera:fs-1370dn:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://jvn.jp/en/jp/JVN46345126/index.html	Vendor Advisory
https://www.kyoceradocumentsolutions.co.jp/support/information/info_20221101.html	Mitigation Vendor Advisory
https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-11-01.html	Third Party Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-41798
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41798

History

Created	Old Value	New Value	Data Type	Notes
2022-12-07 18:06:21				Added to TrackCVE
2022-12-18 04:34:19	2022-12-05T04:15:09.967	2022-12-05T04:15:09	CVE Published Date	updated
2022-12-18 04:34:19		2022-12-06T16:42:25	CVE Modified Date	updated