CVE-2022-1026
Published 2022-04-04
Priority: P181 · Severity: High · CVSS 3.1 base score: 8.6
Vector: AV:N / AC:L / PR:N / UI:N / S:C / C:H / I:N / A:N
Tags: ITW (exploited in the wild) · Exploit available · VulnCheck KEV · Initial access
EPSS: 15.10% (96.3th percentile)
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kyocera | multifunction_printer_net_viewer | 2S0_1000.005.0012S5_2000.002.505 (single version; both ends of the range are the same) | — |
| kyocera | net_viewer | <= 2s0_1000.005.0012s5_2000.002.505 | — |
Detection & IOCs (extracted from sources)
Indicator (SOAP action URI): http://www.kyoceramita.com/ws/km-wsdl/setting/address_book/create_personal_address_enumeration
- Detect unauthenticated POST requests to the Kyocera address book SOAP endpoint at /ws/km-wsdl/setting/address_book whose SOAP action is create_personal_address_enumeration.
- Successful exploitation returns HTTP 200 with Content-Type text/xml and a body containing SOAP-ENV:Envelope and SOAP-ENV:Body. Correlate such responses with unauthenticated requests to the endpoint; a 200 to a request that carried no credentials is the signal.
- Use the Shodan query product:"Kyocera Printer Panel" to identify internet-exposed Kyocera printers that may be vulnerable to this CVE, then confirm the firmware version against the affected table above.
- The exploit request uses Content-Type application/soap+xml; filter for unauthenticated SOAP requests to printer management endpoints.
- One source's CPE match for Kyocera Net Viewer uses a wildcard version, so treat the version scoping as broad: any unpatched Net View installation should be considered potentially vulnerable until checked against the vendor advisory.
- The exploit requires no authentication (PR:N, UI:N) and is network-reachable (AV:N), so it is trivially exploitable from the internet against exposed printers.
- The quoted source reported an EPSS score of 0.86782 (99.4th percentile); the EPSS figure shown at the top of this page is lower because EPSS is recomputed over time, but both place this CVE in the top few percent for exploitation probability. Prioritize detection and patching accordingly.
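The indicators above can be turned into code. The following is an added example, not Kyocera's, Rapid7's or the Nuclei template's code: it scans constructed access-log lines for the request-side pattern (unauthenticated POST to /ws/km-wsdl/setting/address_book with Content-Type application/soap+xml and the create_personal_address_enumeration action), applies the response-side matcher (HTTP 200, text/xml, SOAP-ENV:Envelope and SOAP-ENV:Body), and builds a minimal SOAP 1.2 envelope for a scanner-style probe. The log-line format, the sample lines and the envelope layout are assumptions; the real operation's parameters are not shown on this page.

```python
"""Detection helpers for CVE-2022-1026 (Kyocera Net View address book exposure).

Added example; not Kyocera's, Rapid7's or the Nuclei template's code. The
endpoint path, SOAP action name, request content type and the response
indicators come from the IOC list above. The access-log format, the sample
log lines and the SOAP envelope layout are constructed assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

ADDRESS_BOOK_PATH = "/ws/km-wsdl/setting/address_book"
ADDRESS_BOOK_NS = "http://www.kyoceramita.com/ws/km-wsdl/setting/address_book"
ENUM_ACTION = "create_personal_address_enumeration"
SOAP12_NS = "http://www.w3.org/2003/05/soap-envelope"  # application/soap+xml implies SOAP 1.2

# Constructed (assumed) access-log format, one request per line:
#   client_ip METHOD path status content_type "soap_action" authorization
# where authorization is "-" when the request carried no Authorization header.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) '
    r'(?P<ctype>\S+) "(?P<action>[^"]*)" (?P<auth>\S+)$'
)

# Constructed sample lines: one exploit attempt, one unrelated page load,
# one SOAP call to the same endpoint with a fictitious, non-matching action.
SAMPLE_LOG = [
    '203.0.113.7 POST /ws/km-wsdl/setting/address_book 200 application/soap+xml '
    '"http://www.kyoceramita.com/ws/km-wsdl/setting/address_book/create_personal_address_enumeration" -',
    '10.0.0.5 GET /index.html 200 text/html "" -',
    '10.0.0.9 POST /ws/km-wsdl/setting/address_book 200 application/soap+xml '
    '"http://www.kyoceramita.com/ws/km-wsdl/setting/address_book/other_operation" -',
]


@dataclass
class Hit:
    ip: str
    reason: str


def classify_request(method: str, path: str, ctype: str, action: str, auth: str) -> Optional[str]:
    """Return why a request matches the CVE-2022-1026 pattern, or None if it does not."""
    if method != "POST" or path.split("?", 1)[0] != ADDRESS_BOOK_PATH:
        return None
    if not ctype.lower().startswith("application/soap+xml"):
        return None
    if ENUM_ACTION not in action:
        return None
    if auth == "-":
        return "unauthenticated address-book enumeration"
    # The endpoint needs no credentials, so an authenticated caller is unusual too;
    # flag it at lower confidence rather than dropping it.
    return "address-book enumeration with credentials (confirm expected admin use)"


def scan_log(lines) -> List[Hit]:
    """Run classify_request over log lines; lines that do not parse are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue
        reason = classify_request(m["method"], m["path"], m["ctype"], m["action"], m["auth"])
        if reason is not None:
            hits.append(Hit(m["ip"], reason))
    return hits


def is_exploit_response(status: int, content_type: str, body: str) -> bool:
    """Response-side indicator: HTTP 200, text/xml, SOAP-ENV:Envelope and SOAP-ENV:Body present.

    Correlate with an unauthenticated request to the endpoint; a 401 challenge or a
    SOAP fault returned with a non-200 status will not satisfy all three conditions.
    """
    media_type = content_type.split(";", 1)[0].strip().lower()
    return (status == 200 and media_type == "text/xml"
            and "SOAP-ENV:Envelope" in body and "SOAP-ENV:Body" in body)


def build_probe_request() -> str:
    """SOAP 1.2 envelope naming the enumeration operation, for a scanner-style check.

    Layout is an assumption: the real operation's parameters are not shown on this page.
    """
    return (
        '<?xml version="1.0" encoding="utf-8"?>'
        f'<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP12_NS}" xmlns:ns="{ADDRESS_BOOK_NS}">'
        f'<SOAP-ENV:Body><ns:{ENUM_ACTION}/></SOAP-ENV:Body></SOAP-ENV:Envelope>'
    )


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit.ip}: {hit.reason}")
```

The request-side match deliberately keys on the SOAP action rather than on the endpoint alone, because the same /ws/km-wsdl path serves other operations; without the action check every management call from a print server would alert. Adapt LOG_RE to whatever your proxy or WAF actually emits, and feed is_exploit_response the response paired with each flagged request.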
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vulncheck | — | 8.6 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | Not applicable: this score comes from the Red Hat entry below, which describes CVE-2022-4147 (Quarkus CORS), a different vulnerability |
GHSA
GHSA-4cgp-8jr7-7x94 · ghsa_unreviewed · 2022-04-05 · CVE-2022-1026 [HIGH] · CWE-522 (Insufficiently Protected Credentials)
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
VulnCheck
CVE-2022-1026 [HIGH] kyocera net_viewer Insufficiently Protected Credentials · vulncheck · 2022 · CVSS 8.6
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
Affected: kyocera net_viewer
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References (Shadowserver honeypot sightings):
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-06-08&host_type=src&vulnerability=cve-2022-1026
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-06-11&host_type=src&vulnerability=cve-2022-1026
- https://dashboard.shadowserver.org/statisti
Red Hat
CVE-2022-4147 [HIGH] · CWE-1026 · vendor_redhat · 2022-11-28 · CVSS 7.5 · quarkus-vertx-http: Security misconfiguration of CORS : OWASP A05_2021 level in Quarkus
This entry is not about CVE-2022-1026. It describes CVE-2022-4147 in Quarkus and was most likely pulled in because its CWE identifier (CWE-1026) shares digits with this CVE number. It is kept here only because it is part of the indexed record; its 7.5 score does not apply to the Kyocera issue.
A vulnerability was found in Quarkus. The Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are those that have no event listeners registered on the object returned by the XMLHttpRequest upload property and no ReadableStream object used in the request.
No detection rules found.
Nuclei
CVE-2022-1026 [HIGH] Kyocera Net View Address Book Exposure · nuclei · CVSS 8.6
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
Template (excerpt; the indexed record stops at the info block and does not include the request and matcher sections):
```yaml
id: CVE-2022-1026

info:
  name: Kyocera Net View Address Book Exposure
  author: DhiyaneshDK
  severity: high
  description: |
    Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
  impact: |
    Unauthenticated attackers can export the address book from Kyocera printers containing sensitive user information including usernames and passwords without authentication.
```
No writeups or analysis indexed.
References
- Kyocera security advisory: https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-04-04.html
- Rapid7 disclosure: https://www.rapid7.com/blog/post/2022/03/29/cve-2022-1026-kyocera-net-view-address-book-exposure/