CVE-2022-25342

8.1 HIGH

📋 TL;DR

This CVE describes a broken access control vulnerability in Olivetti d-COLOR MF3555 multifunction printers. Attackers can bypass authentication and access restricted administrative pages via the /mngset/authset path. Only users of affected Olivetti printer models are impacted.

💻 Affected Systems

Products:
  • Olivetti d-COLOR MF3555
Versions: 2XD_S000.002.271
Operating Systems: Embedded printer firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only specific firmware version mentioned in CVE is confirmed affected. Other versions may also be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains full administrative control of the printer, potentially accessing sensitive documents, modifying device settings, or using the device as an internal network foothold.

🟠 Likely Case

Unauthorized access to printer configuration pages, exposure of network settings, and potential access to document history or scanning functions.

🟢 If Mitigated

Limited exposure if network segmentation prevents external access and proper authentication controls are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability appears to be a simple path traversal/access control bypass requiring no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.gruppotim.it/it/footer/red-team.html

Restart Required: No

Instructions:

Check vendor advisory for firmware updates. If available, download and install via printer web interface or management software.

🔧 Temporary Workarounds

  • Network Segmentation (all): Isolate printer network segment to prevent external access
  • Access Control Lists (all): Implement firewall rules to restrict access to printer management interface

🧯 If You Can't Patch

  • Disable web management interface if not required
  • Implement strict network segmentation to limit printer access to authorized management stations only

🔍 How to Verify

Check if Vulnerable:

Access printer web interface and attempt to navigate to /mngset/authset without authentication. If accessible, device is vulnerable.

Check Version:

Check printer web interface System Information page or printed configuration report for firmware version.

Verify Fix Applied:

After applying any firmware update, verify that /mngset/authset path requires proper authentication.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to /mngset/authset path in web server logs
  • Multiple failed authentication attempts followed by successful access to restricted paths

Network Indicators:

  • HTTP requests to /mngset/authset without preceding authentication requests
  • Unusual traffic patterns to printer management interface

SIEM Query:

source="printer_logs" AND (uri_path="/mngset/authset" OR (status_code=200 AND uri_path CONTAINS "authset"))
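
The network indicator above (requests to /mngset/authset with no preceding authentication) can be checked offline against proxy or firewall logs. The following is an added example, not part of the advisory or any vendor tooling; it assumes Common Log Format lines and uses a placeholder `LOGIN_PATH`, since the advisory does not name the device's login URL.

```python
import posixpath
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Assumptions (not from the advisory): Common Log Format lines from a proxy or
# firewall in front of the printer; LOGIN_PATH is a placeholder for the URL the
# device's login form posts to; 30 minutes is an arbitrary session lifetime.
RESTRICTED_PREFIX = "/mngset/authset"
LOGIN_PATH = "/LOGIN_PATH_PLACEHOLDER"
SESSION_WINDOW = timedelta(minutes=30)
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def normalize(raw_path):
    # Drop the query string, decode %-escapes, collapse '//' and '/./'.
    path = unquote(raw_path.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/+", "/", path))

def find_unauthenticated_access(lines):
    """Return (ip, timestamp, path) for each 2xx response on the restricted
    path with no successful login from the same client inside the window."""
    last_login, alerts = {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the assumed format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path, status, ip = normalize(m["path"]), int(m["status"]), m["ip"]
        # Assumed: a successful login answers the POST with 200 or 302.
        if path == LOGIN_PATH and m["method"] == "POST" and status in (200, 302):
            last_login[ip] = ts
        elif path.startswith(RESTRICTED_PREFIX) and 200 <= status < 300:
            seen = last_login.get(ip)
            if seen is None or ts - seen > SESSION_WINDOW:
                alerts.append((ip, m["ts"], path))
    return alerts

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2022:09:00:00 +0000] "POST /LOGIN_PATH_PLACEHOLDER HTTP/1.1" 302 0',
    '192.0.2.10 - - [10/Mar/2022:09:00:05 +0000] "GET /mngset/authset HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Mar/2022:09:02:11 +0000] "GET /mngset/authset HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Mar/2022:09:02:15 +0000] "GET /mngset//authset?x=1 HTTP/1.1" 200 5120',
    '203.0.113.4 - - [10/Mar/2022:09:03:00 +0000] "GET /mngset/authset HTTP/1.1" 401 0',
]
if __name__ == "__main__":
    print(find_unauthenticated_access(SAMPLE_LOG))
```

Keying sessions on source IP is a simplification; clients behind NAT share an address, so correlate on a session cookie instead if the log source records one.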
