CVE-2022-41798

Published: Dec 5, 2022Modified: Apr 24, 2025

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

Affected (40)

Products: Kyocera: Taskalfa 7550ci Firmware, Taskalfa 6550ci Firmware, Taskalfa 5550ci Firmware, Taskalfa 4550ci Firmware, Taskalfa 3550ci Firmware, Taskalfa 3050ci Firmware, Taskalfa 255c Firmware, Taskalfa 205c Firmware, Taskalfa 256ci Firmware, Taskalfa 206ci Firmware, Ecosys M6526cdn Firmware, Ecosys M6526cidn Firmware, Fs C2126mfp+ Firmware, Fs C2026mfp Firmware, Taskalfa 8000i Firmware, Taskalfa 6500i Firmware, Taskalfa 5500i Firmware, Taskalfa 4500i Firmware, Taskalfa 3500i Firmware, Taskalfa 305 Firmware, Taskalfa 255 Firmware, Taskalfa 306i Firmware, Taskalfa 256i Firmware, Ls 3140mfp+ Firmware, Ls 3640mfp Firmware, Ecosys M2535dn Firmware, Ls 1135mfp Firmware, Ls 1035mfp Firmware, Ls C8650dn Firmware, Ls C8600dn Firmware, Ecosys P6026cdn Firmware, Fs C5250dn Firmware, Ls 4300dn Firmware, Ls 4200dn Firmware, Ls 2100dn Firmware, Ecosys P4040dn Firmware, Ecosys P2135dn Firmware, Fs 1370dn Firmware

Kyocera

38 products

Taskalfa 7550ci Firmware

Taskalfa 6550ci Firmware

Taskalfa 5550ci Firmware

Taskalfa 4550ci Firmware

Taskalfa 3550ci Firmware

Taskalfa 3050ci Firmware

Taskalfa 255c Firmware

Taskalfa 205c Firmware

Taskalfa 256ci Firmware

Taskalfa 206ci Firmware

Ecosys M6526cdn Firmware

Ecosys M6526cidn Firmware

Fs C2126mfp+ Firmware

Fs C2026mfp Firmware

Taskalfa 8000i Firmware

Taskalfa 6500i Firmware

Taskalfa 5500i Firmware

Taskalfa 4500i Firmware

Taskalfa 3500i Firmware

Taskalfa 305 Firmware

Taskalfa 255 Firmware

Taskalfa 306i Firmware

Taskalfa 256i Firmware

Ls 3140mfp+ Firmware

Ls 3640mfp Firmware

Ecosys M2535dn Firmware

Ecosys P6026cdn Firmware

Ecosys P4040dn Firmware

Ecosys P2135dn Firmware

Fs 1370dn Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 7550ci Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 7550ci	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 6550ci Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 6550ci	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 5550ci Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 5550ci	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 4550ci Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 4550ci	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 3550ci Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 3550ci	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 3050ci Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 3050ci	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 255c Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 255c	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 205c Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 205c	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 256ci Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 256ci	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 206ci Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 206ci	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ecosys M6526cdn Firmware	All versions

Running on/with	Platform Versions
Kyocera Ecosys M6526cdn	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ecosys M6526cidn Firmware	All versions

Running on/with	Platform Versions
Kyocera Ecosys M6526cidn	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Fs C2126mfp Firmware	All versions

Running on/with	Platform Versions
Kyocera Fs C2126mfp	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Fs C2126mfp+ Firmware	All versions

Running on/with	Platform Versions
Kyocera Fs C2126mfp+	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Fs C2026mfp Firmware	All versions

Running on/with	Platform Versions
Kyocera Fs C2026mfp	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 8000i Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 8000i	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 6500i Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 6500i	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 5500i Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 5500i	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 4500i Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 4500i	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 3500i Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 3500i	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 305 Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 305	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 255 Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 255	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 306i Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 306i	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 256i Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 256i	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ls 3140mfp Firmware	All versions

Running on/with	Platform Versions
Kyocera Ls 3140mfp	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ls 3140mfp+ Firmware	All versions

Running on/with	Platform Versions
Kyocera Ls 3140mfp+	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ls 3640mfp Firmware	All versions

Running on/with	Platform Versions
Kyocera Ls 3640mfp	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ecosys M2535dn Firmware	All versions

Running on/with	Platform Versions
Kyocera Ecosys M2535dn	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ls 1135mfp Firmware	All versions

Running on/with	Platform Versions
Kyocera Ls 1135mfp	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ls 1035mfp Firmware	All versions

Running on/with	Platform Versions
Kyocera Ls 1035mfp	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ls C8650dn Firmware	All versions

Running on/with	Platform Versions
Kyocera Ls C8650dn	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ls C8600dn Firmware	All versions

Running on/with	Platform Versions
Kyocera Ls C8600dn	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ecosys P6026cdn Firmware	All versions

Running on/with	Platform Versions
Kyocera Ecosys P6026cdn	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Fs C5250dn Firmware	All versions

Running on/with	Platform Versions
Kyocera Fs C5250dn	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ls 4300dn Firmware	All versions

Running on/with	Platform Versions
Kyocera Ls 4300dn	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ls 4200dn Firmware	All versions

Running on/with	Platform Versions
Kyocera Ls 4200dn	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ls 2100dn Firmware	All versions

Running on/with	Platform Versions
Kyocera Ls 2100dn	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ecosys P4040dn Firmware	All versions

Running on/with	Platform Versions
Kyocera Ecosys P4040dn	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ecosys P2135dn Firmware	All versions

Running on/with	Platform Versions
Kyocera Ecosys P2135dn	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Fs 1370dn Firmware	All versions

Running on/with	Platform Versions
Kyocera Fs 1370dn	All versions

Related CWEs

CWE-290

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (6)

https://jvn.jp/en/jp/JVN46345126/index.html

Source: vultures@jpcert.or.jp

Vendor Advisory

https://www.kyoceradocumentsolutions.co.jp/support/information/info_20221101.html

Source: vultures@jpcert.or.jp

MitigationVendor Advisory

https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-11-01.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://jvn.jp/en/jp/JVN46345126/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.kyoceradocumentsolutions.co.jp/support/information/info_20221101.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-11-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.