CVE-2020-23575 – This directory traversal vulnerability in Kyoce... (How to Fix)

Q: What is the severity of CVE-2020-23575?

CVE-2020-23575 has a CVSS score of 7.5 (HIGH). This directory traversal vulnerability in Kyocera d-COPIA253MF plus printers allows attackers to access arbitrary files on the server filesystem. Attackers can exploit this to read sensitive configuration files, credentials, or other data. Organizations using this specific printer model are affected.

📋 TL;DR

This directory traversal vulnerability in Kyocera d-COPIA253MF plus printers allows attackers to access arbitrary files on the server filesystem. Attackers can exploit this to read sensitive configuration files, credentials, or other data. Organizations using this specific printer model are affected.

💻 Affected Systems

Products:

Kyocera d-COPIA253MF plus

Versions: All versions prior to patching

Operating Systems: Embedded printer OS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web interface component of the printer management system.

📦 What is this software?

D Copia253mf Plus Firmware by Kyocera

View all CVEs affecting D Copia253mf Plus Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of printer credentials, configuration files, and potentially adjacent network systems if credentials are reused.

🟠

Likely Case

Exposure of printer configuration, network settings, and administrative credentials stored on the device.

🟢

If Mitigated

Limited to printer-specific data exposure if proper network segmentation is implemented.

🌐 Internet-Facing: HIGH - Printers exposed to internet can be directly attacked without authentication.

🏢 Internal Only: MEDIUM - Requires internal network access but exploitation is straightforward.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit requires simple HTTP requests with directory traversal sequences.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with Kyocera for specific firmware version

Vendor Advisory: https://www.kyoceradocumentsolutions.com

Restart Required: Yes

Instructions:

1. Check Kyocera support portal for firmware updates. 2. Download latest firmware for d-COPIA253MF plus. 3. Upload firmware via printer web interface. 4. Reboot printer after installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate printer to separate VLAN with restricted access

Access Control

all

Restrict printer web interface access to authorized IPs only

🧯 If You Can't Patch

Disable printer web interface if not required for operations
Implement strict firewall rules to block external access to printer management ports

🔍 How to Verify

Check if Vulnerable:

Test with curl: curl -v 'http://printer-ip/path/../../etc/passwd' and check for file contents

Check Version:

Check firmware version in printer web interface under System Information

Verify Fix Applied:

Attempt same traversal attack after patching - should return error or empty response

📡 Detection & Monitoring

Log Indicators:

HTTP requests containing '../' sequences
Unusual file access patterns in printer logs

Network Indicators:

HTTP requests to printer with directory traversal patterns
Multiple failed file access attempts

SIEM Query:

source="printer_logs" AND (url="*../*" OR url="*..\\*" OR url="*%2e%2e%2f*")

📊 Metadata

CVE ID: CVE-2020-23575

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-22

Published: May 10, 2021

Last Updated: November 21, 2024

🔗 References

https://www.exploit-db.com/exploits/48561 Third Party Advisory,VDB Entry
https://www.exploit-db.com/exploits/48561 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-23575, you might also want to check these: