MEDIUM · 6.1

CVE-2020-25890

Vulnerability Description

The web application of the Kyocera printer (ECOSYS M2640IDW) is affected by a stored XSS vulnerability, discovered in the addition of a new contact in the "Machine Address Book". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: LOW
Integrity: LOW
Availability: NONE

Affected Products

Vendor | Product | Versions
Kyocera | Ecosys M2640Idw Firmware | -
Kyocera | Ecosys M2640Idw | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-25890?

CVE-2020-25890 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The web application of the Kyocera printer (ECOSYS M2640IDW) is affected by a stored XSS vulnerability, discovered in the addition of a new contact in the "Machine Address Book". Successful exploitation of this vu...

How severe is CVE-2020-25890?

CVE-2020-25890 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2020-25890?

Check the references section above for vendor advisories and patch information. Affected products include: Kyocera Ecosys M2640Idw Firmware, Kyocera Ecosys M2640Idw.