CVE-2022-41798 - Vulnerability Details

Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00034.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

KYOCERA Document Solutions Inc.

Kyocera Document Solutions MFPs and printers

affected

Version	Status	Constraints
`A wide range of products is affected. For the specific products/versions information, see the URL provided by the vendor which is listed in [Reference] section.`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:kyocera:taskalfa_7550ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_7550ci:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:kyocera:taskalfa_6550ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_6550ci:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:kyocera:taskalfa_5550ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_5550ci:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:kyocera:taskalfa_4550ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_4550ci:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:kyocera:taskalfa_3550ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_3550ci:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:kyocera:taskalfa_3050ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_3050ci:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:kyocera:taskalfa_255c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_255c:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:kyocera:taskalfa_205c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_205c:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:kyocera:taskalfa_256ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_256ci:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:kyocera:taskalfa_206ci_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_206ci:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:kyocera:ecosys_m6526cdn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ecosys_m6526cdn:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:kyocera:ecosys_m6526cidn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ecosys_m6526cidn:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:kyocera:fs-c2126mfp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:fs-c2126mfp:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:kyocera:fs-c2126mfp\+_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:fs-c2126mfp\+:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:kyocera:fs-c2026mfp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:fs-c2026mfp:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:kyocera:taskalfa_8000i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_8000i:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:kyocera:taskalfa_6500i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_6500i:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:kyocera:taskalfa_5500i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_5500i:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:kyocera:taskalfa_4500i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_4500i:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:kyocera:taskalfa_3500i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_3500i:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:kyocera:taskalfa_305_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_305:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:kyocera:taskalfa_255_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_255:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:kyocera:taskalfa_306i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_306i:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:kyocera:taskalfa_256i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:taskalfa_256i:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:kyocera:ls-3140mfp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-3140mfp:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:kyocera:ls-3140mfp\+_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-3140mfp\+:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:kyocera:ls-3640mfp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-3640mfp:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:kyocera:ecosys_m2535dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ecosys_m2535dn:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:kyocera:ls-1135mfp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-1135mfp:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:kyocera:ls-1035mfp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-1035mfp:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:kyocera:ls-c8650dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-c8650dn:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:kyocera:ls-c8600dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-c8600dn:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:kyocera:ecosys_p6026cdn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ecosys_p6026cdn:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:kyocera:fs-c5250dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:fs-c5250dn:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:kyocera:ls-4300dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-4300dn:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:kyocera:ls-4200dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-4200dn:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:kyocera:ls-2100dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ls-2100dn:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:kyocera:ecosys_p4040dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ecosys_p4040dn:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:kyocera:ecosys_p2135dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:ecosys_p2135dn:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:kyocera:fs-1370dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:kyocera:fs-1370dn:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Kyocera Subscribe	Ecosys M2535dn Subscribe Ecosys M2535dn Firmware Subscribe Ecosys M6526cdn Subscribe Ecosys M6526cdn Firmware Subscribe Ecosys M6526cidn Subscribe Ecosys M6526cidn Firmware Subscribe Ecosys P2135dn Subscribe Ecosys P2135dn Firmware Subscribe Ecosys P4040dn Subscribe Ecosys P4040dn Firmware Subscribe Ecosys P6026cdn Subscribe Ecosys P6026cdn Firmware Subscribe Fs-1370dn Subscribe Fs-1370dn Firmware Subscribe Fs-c2026mfp Subscribe Fs-c2026mfp Firmware Subscribe Fs-c2126mfp Subscribe Fs-c2126mfp\+ Subscribe Fs-c2126mfp\+ Firmware Subscribe Fs-c2126mfp Firmware Subscribe Fs-c5250dn Subscribe Fs-c5250dn Firmware Subscribe Ls-1035mfp Subscribe Ls-1035mfp Firmware Subscribe Ls-1135mfp Subscribe Ls-1135mfp Firmware Subscribe Ls-2100dn Subscribe Ls-2100dn Firmware Subscribe Ls-3140mfp Subscribe Ls-3140mfp\+ Subscribe Ls-3140mfp\+ Firmware Subscribe Ls-3140mfp Firmware Subscribe Ls-3640mfp Subscribe Ls-3640mfp Firmware Subscribe Ls-4200dn Subscribe Ls-4200dn Firmware Subscribe Ls-4300dn Subscribe Ls-4300dn Firmware Subscribe Ls-c8600dn Subscribe Ls-c8600dn Firmware Subscribe Ls-c8650dn Subscribe Ls-c8650dn Firmware Subscribe Taskalfa 205c Subscribe Taskalfa 205c Firmware Subscribe Taskalfa 206ci Subscribe Taskalfa 206ci Firmware Subscribe Taskalfa 255 Subscribe Taskalfa 255 Firmware Subscribe Taskalfa 255c Subscribe Taskalfa 255c Firmware Subscribe Taskalfa 256ci Subscribe Taskalfa 256ci Firmware Subscribe Taskalfa 256i Subscribe Taskalfa 256i Firmware Subscribe Taskalfa 305 Subscribe Taskalfa 3050ci Subscribe Taskalfa 3050ci Firmware Subscribe Taskalfa 305 Firmware Subscribe Taskalfa 306i Subscribe Taskalfa 306i Firmware Subscribe Taskalfa 3500i Subscribe Taskalfa 3500i Firmware Subscribe Taskalfa 3550ci Subscribe Taskalfa 3550ci Firmware Subscribe Taskalfa 4500i Subscribe Taskalfa 4500i Firmware Subscribe Taskalfa 4550ci Subscribe Taskalfa 4550ci Firmware Subscribe Taskalfa 5500i Subscribe Taskalfa 5500i Firmware Subscribe Taskalfa 5550ci Subscribe Taskalfa 5550ci Firmware Subscribe Taskalfa 6500i Subscribe Taskalfa 6500i Firmware Subscribe Taskalfa 6550ci Subscribe Taskalfa 6550ci Firmware Subscribe Taskalfa 7550ci Subscribe Taskalfa 7550ci Firmware Subscribe Taskalfa 8000i Subscribe Taskalfa 8000i Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2022-44966	Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://jvn.jp/en/jp/JVN46345126/index.html
https://www.kyoceradocumentsolutions.co.jp/support/information/info_20221101.html
https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-11-01.html

History

Thu, 24 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2022-12-05T00:00:00.000Z

Updated: 2025-04-24T14:30:52.508Z

Reserved: 2022-10-22T00:00:00.000Z

Link: CVE-2022-41798

Vulnrichment

Updated: 2024-08-03T12:56:37.889Z

NVD

Status : Modified

Published: 2022-12-05T04:15:09.967

Modified: 2025-04-24T15:15:49.100

Link: CVE-2022-41798

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-290

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object