6.5

CVE-2022-41798

Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KyoceraTaskalfa 7550ci Firmware Version-
   KyoceraTaskalfa 7550ci Version-
KyoceraTaskalfa 6550ci Firmware Version-
   KyoceraTaskalfa 6550ci Version-
KyoceraTaskalfa 5550ci Firmware Version-
   KyoceraTaskalfa 5550ci Version-
KyoceraTaskalfa 4550ci Firmware Version-
   KyoceraTaskalfa 4550ci Version-
KyoceraTaskalfa 3550ci Firmware Version-
   KyoceraTaskalfa 3550ci Version-
KyoceraTaskalfa 3050ci Firmware Version-
   KyoceraTaskalfa 3050ci Version-
KyoceraTaskalfa 255c Firmware Version-
   KyoceraTaskalfa 255c Version-
KyoceraTaskalfa 205c Firmware Version-
   KyoceraTaskalfa 205c Version-
KyoceraTaskalfa 256ci Firmware Version-
   KyoceraTaskalfa 256ci Version-
KyoceraTaskalfa 206ci Firmware Version-
   KyoceraTaskalfa 206ci Version-
KyoceraEcosys M6526cdn Firmware Version-
   KyoceraEcosys M6526cdn Version-
KyoceraEcosys M6526cidn Firmware Version-
   KyoceraEcosys M6526cidn Version-
KyoceraFs-c2126mfp Firmware Version-
   KyoceraFs-c2126mfp Version-
KyoceraFs-c2026mfp Firmware Version-
   KyoceraFs-c2026mfp Version-
KyoceraTaskalfa 8000i Firmware Version-
   KyoceraTaskalfa 8000i Version-
KyoceraTaskalfa 6500i Firmware Version-
   KyoceraTaskalfa 6500i Version-
KyoceraTaskalfa 5500i Firmware Version-
   KyoceraTaskalfa 5500i Version-
KyoceraTaskalfa 4500i Firmware Version-
   KyoceraTaskalfa 4500i Version-
KyoceraTaskalfa 3500i Firmware Version-
   KyoceraTaskalfa 3500i Version-
KyoceraTaskalfa 305 Firmware Version-
   KyoceraTaskalfa 305 Version-
KyoceraTaskalfa 255 Firmware Version-
   KyoceraTaskalfa 255 Version-
KyoceraTaskalfa 306i Firmware Version-
   KyoceraTaskalfa 306i Version-
KyoceraTaskalfa 256i Firmware Version-
   KyoceraTaskalfa 256i Version-
KyoceraLs-3140mfp Firmware Version-
   KyoceraLs-3140mfp Version-
KyoceraLs-3640mfp Firmware Version-
   KyoceraLs-3640mfp Version-
KyoceraEcosys M2535dn Firmware Version-
   KyoceraEcosys M2535dn Version-
KyoceraLs-1135mfp Firmware Version-
   KyoceraLs-1135mfp Version-
KyoceraLs-1035mfp Firmware Version-
   KyoceraLs-1035mfp Version-
KyoceraLs-c8650dn Firmware Version-
   KyoceraLs-c8650dn Version-
KyoceraLs-c8600dn Firmware Version-
   KyoceraLs-c8600dn Version-
KyoceraEcosys P6026cdn Firmware Version-
   KyoceraEcosys P6026cdn Version-
KyoceraFs-c5250dn Firmware Version-
   KyoceraFs-c5250dn Version-
KyoceraLs-4300dn Firmware Version-
   KyoceraLs-4300dn Version-
KyoceraLs-4200dn Firmware Version-
   KyoceraLs-4200dn Version-
KyoceraLs-2100dn Firmware Version-
   KyoceraLs-2100dn Version-
KyoceraEcosys P4040dn Firmware Version-
   KyoceraEcosys P4040dn Version-
KyoceraEcosys P2135dn Firmware Version-
   KyoceraEcosys P2135dn Version-
KyoceraFs-1370dn Firmware Version-
   KyoceraFs-1370dn Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.097
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.