From 2fbd6da9f7044d29b56cadc332de77896856bd30 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 4 Apr 2022 09:08:52 -0500 Subject: [PATCH] Add CVE for Kyocera MFPs (#51) --- 2022/1xxx/CVE-2022-1026.json | 95 +++++++++++++++++++++++++++++++++--- 1 file changed, 88 insertions(+), 7 deletions(-) diff --git a/2022/1xxx/CVE-2022-1026.json b/2022/1xxx/CVE-2022-1026.json index fc809fb9583..c37aa37facb 100644 --- a/2022/1xxx/CVE-2022-1026.json +++ b/2022/1xxx/CVE-2022-1026.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "DATE_PUBLIC": "2022-03-29T13:05:00.000Z", "ID": "CVE-2022-1026", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Kyocera Net View Address Book Exposure" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Multifunction Printer Net Viewer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2S0_1000.005.0012S5_2000.002.505", + "version_value": "2S0_1000.005.0012S5_2000.002.505" + } + ] + } + } + ] + }, + "vendor_name": "Kyocera" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Aaron Herndon, Rapid7" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522 Insufficiently Protected Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-04-04.html", + "refsource": "CONFIRM", + "url": "https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-04-04.html" + }, + { + "name": "https://www.rapid7.com/blog/post/2022/03/29/cve-2022-1026-kyocera-net-view-address-book-exposure/", + "refsource": "MISC", + "url": "https://www.rapid7.com/blog/post/2022/03/29/cve-2022-1026-kyocera-net-view-address-book-exposure/" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } -} \ No newline at end of file +}