CVE-2023-34261

low-risk

Published 2023-11-03

Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error.

Do I need to act?

0.37% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

D-Copia253Mf Plus Firmware

Affected Vendors

Kyocera

References (4)

Third Party Advisory https://sec-consult.com/vulnerability-lab/

Exploit https://seclists.org/fulldisclosure/2023/Jul/15

Third Party Advisory https://sec-consult.com/vulnerability-lab/

Exploit https://seclists.org/fulldisclosure/2023/Jul/15

/ 100

low-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal