CVE-2008-7109
Published 2009-08-28
Priority P353 · Severity: critical · CVSS 3.1 base score: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.13% (89.6th percentile)
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kyoceramita | scanner_file_utility | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
GHSA-h776-w786-6h4h (GitHub advisory, unreviewed, published 2022-05-14, CVSS 9.8) for CVE-2008-7111 [CRITICAL]:
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109.
GHSA-j5vc-w2jr-hw4p (GitHub advisory, unreviewed, published 2022-05-14) for CVE-2008-7109 [HIGH], CWE-287:
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE-863: Incorrect Authorization (MITRE CWE)
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CWE-285: Improper Authorization (MITRE CWE)
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-862: Missing Authorization (MITRE CWE)
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Background: An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement ACLs in different ways. In UNIX, there are three types of permissions: read, write, and execute. Users are divided into three classes for file access: owner, group owner, and all other users, where each class has a separate set of rights. In Windows NT, there are four basic types of permissions for files: "No access", "Read access", "Change access", and "Full control". Windows NT extends the concept of three types of users in UNIX to include a list of users and groups along with their associated permissions.
References
- http://secunia.com/advisories/31631
- http://www.informit.com/guides/content.aspx?g=security&seqNum=320
- http://www.securityfocus.com/archive/1/495772/100/0/threaded
- http://www.securityfocus.com/bid/30855
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44717
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53004