The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.
References
Configurations
History
21 Nov 2024, 00:58
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/31631 - Broken Link, Vendor Advisory | |
References | () http://www.informit.com/guides/content.aspx?g=security&seqNum=320 - Exploit, Not Applicable | |
References | () http://www.securityfocus.com/archive/1/495772/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/30855 - Broken Link, Exploit, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/44717 - Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/53004 - Third Party Advisory, VDB Entry |
21 Jan 2024, 02:41
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 | |
References | (BID) http://www.securityfocus.com/bid/30855 - Broken Link, Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) http://www.informit.com/guides/content.aspx?g=security&seqNum=320 - Exploit, Not Applicable | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/53004 - Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/31631 - Broken Link, Vendor Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/495772/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/44717 - Third Party Advisory, VDB Entry | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
Information
Published : 2009-08-28 15:30
Updated : 2024-11-21 00:58
NVD link : CVE-2008-7109
Mitre link : CVE-2008-7109
CVE.ORG link : CVE-2008-7109
JSON object : View
Products Affected
kyoceramita
- scanner_file_utility
CWE
CWE-863
Incorrect Authorization