CVE-2019-13205 — HIGH (7.5)

Vulnerability Description

All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Kyocera	Ecosys M5526Cdw Firmware	2r7_2000.001.701
Kyocera	Ecosys M5526Cdw	-

Related Weaknesses (CWE)

CWE-306

References

https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabiThird Party Advisory
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabiThird Party Advisory

FAQ

What is CVE-2019-13205?

CVE-2019-13205 is a vulnerability with a CVSS score of 7.5 (HIGH). All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when ...

How severe is CVE-2019-13205?

CVE-2019-13205 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-13205?

Check the references section above for vendor advisories and patch information. Affected products include: Kyocera Ecosys M5526Cdw Firmware, Kyocera Ecosys M5526Cdw.