CVE-2022-41830
moderate-risk
Published 2022-12-05
Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.
Do I need to act?
0.08% chance of exploitation
EPSS score: low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 4.8/10 (Medium)
NETWORK / LOW complexity
Affected Products (20)
Taskalfa 7550Ci Firmware
Taskalfa 6550Ci Firmware
Taskalfa 5550Ci Firmware
Taskalfa 4550Ci Firmware
Taskalfa 3550Ci Firmware
Taskalfa 3050Ci Firmware
Taskalfa 255C Firmware
Taskalfa 205C Firmware
Taskalfa 256Ci Firmware
Taskalfa 206Ci Firmware
Ecosys M6526Cdn Firmware
Ecosys M6526Cidn Firmware
Fs-C2126Mfp Firmware
Fs-C2126Mfp+ Firmware
Fs-C2026Mfp Firmware
Taskalfa 8000I Firmware
Taskalfa 6500I Firmware
Taskalfa 5500I Firmware
Taskalfa 4500I Firmware
Taskalfa 3500I Firmware
Affected Vendors
References (6)
Vendor Advisory
https://jvn.jp/en/jp/JVN46345126/index.html
Third Party Advisory
https://www.kyoceradocumentsolutions.com/en/our-business/security/information/20...
43 / 100
moderate-risk
Severity: 19/34 · Moderate
Exploitability: 0/34 · Minimal
Exposure: 24/34 · High