CVE-2019-6452 - Vulnerability Details - OpenCVE

Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kyocera	Command Center Rx Taskalfa 4501i Taskalfa 5052ci

Configuration 1 [-]

AND

cpe:2.3:o:kyocera:command_center_rx:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_4501i:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:kyocera:command_center_rx:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_5052ci:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.nccst.nat.gov.tw
https://github.com/cvereveal/CVEs/tree/master/CVE-2019-6452

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-06-06T18:06:26

Updated: 2024-08-04T20:23:20.852Z

Reserved: 2019-01-16T00:00:00

Link: CVE-2019-6452

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-06-06T19:29:00.987

Modified: 2024-11-21T04:46:28.570

Link: CVE-2019-6452

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-06T18:06:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.nccst.nat.gov.tw"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/cvereveal/CVEs/tree/master/CVE-2019-6452"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6452", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.nccst.nat.gov.tw", "refsource": "MISC", "url": "http://www.nccst.nat.gov.tw"}, {"name": "https://github.com/cvereveal/CVEs/tree/master/CVE-2019-6452", "refsource": "MISC", "url": "https://github.com/cvereveal/CVEs/tree/master/CVE-2019-6452"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:23:20.852Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.nccst.nat.gov.tw"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/cvereveal/CVEs/tree/master/CVE-2019-6452"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-6452", "datePublished": "2019-06-06T18:06:26", "dateReserved": "2019-01-16T00:00:00", "dateUpdated": "2024-08-04T20:23:20.852Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kyocera:command_center_rx:-:*:*:*:*:*:*:*", "matchCriteriaId": "A129CD92-49AA-4D79-9D5B-33D76124119A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kyocera:taskalfa_4501i:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D5FF179-0B52-4586-A16F-3D18F36A196C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kyocera:command_center_rx:-:*:*:*:*:*:*:*", "matchCriteriaId": "A129CD92-49AA-4D79-9D5B-33D76124119A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kyocera:taskalfa_5052ci:-:*:*:*:*:*:*:*", "matchCriteriaId": "308686B5-A566-4E41-8AEA-8D5739FA92C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password."}, {"lang": "es", "value": "Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci permiten que atacantes remotos puedan abusar del bot\u00f3n de prueba en la libreta de direcciones de la m\u00e1quina para obtener una contrase\u00f1a FTP o SMB de texto simple."}], "id": "CVE-2019-6452", "lastModified": "2024-11-21T04:46:28.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-06T19:29:00.987", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.nccst.nat.gov.tw"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/cvereveal/CVEs/tree/master/CVE-2019-6452"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.nccst.nat.gov.tw"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/cvereveal/CVEs/tree/master/CVE-2019-6452"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}