CVE-2019-6452 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Kyocera	Command Center Rx	-
Kyocera	Taskalfa 4501I	-
Kyocera	Taskalfa 5052Ci	-

Related Weaknesses (CWE)

CWE-522

References

http://www.nccst.nat.gov.twThird Party Advisory
https://github.com/cvereveal/CVEs/tree/master/CVE-2019-6452ExploitThird Party Advisory
http://www.nccst.nat.gov.twThird Party Advisory
https://github.com/cvereveal/CVEs/tree/master/CVE-2019-6452ExploitThird Party Advisory

FAQ

What is CVE-2019-6452?

CVE-2019-6452 is a vulnerability with a CVSS score of 8.8 (HIGH). Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password.

How severe is CVE-2019-6452?

CVE-2019-6452 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-6452?

Check the references section above for vendor advisories and patch information. Affected products include: Kyocera Command Center Rx, Kyocera Taskalfa 4501I, Kyocera Taskalfa 5052Ci.