CVE-2023-34259

moderate-risk

Published 2023-11-03

Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575.

Do I need to act?

93.1% chance of exploitation in next 30 days

EPSS score — higher than 7% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.9/10 Medium

NETWORK / LOW complexity

Affected Products (1)

D-Copia253Mf Plus Firmware

Affected Vendors

Kyocera

References (4)

Third Party Advisory https://sec-consult.com/vulnerability-lab/

Exploit https://seclists.org/fulldisclosure/2023/Jul/15

Third Party Advisory https://sec-consult.com/vulnerability-lab/

Exploit https://seclists.org/fulldisclosure/2023/Jul/15

/ 100

moderate-risk

Severity 20/34 · Moderate

Exploitability 20/34 · Moderate

Exposure 5/34 · Minimal