Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by OKI
CVE-2020-37229 (GCVE-0-2020-37229)
Vulnerability from nvd – Published: 2026-05-16 15:25 – Updated: 2026-05-18 12:46
VLAI
Title
OKI sPSV Port Manager 1.0.41 Unquoted Service Path Privilege Escalation
Summary
OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that will execute with LocalSystem privileges when the service restarts or the system reboots.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49005 | exploit |
| https://www.oki.com/ | product |
| https://www.oki.com/mx/printing/download/sPSV_010… | product |
| https://www.vulncheck.com/advisories/oki-spsv-por… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Oki | OKI sPSV Port Manager |
Affected:
1.0.41
|
Date Public
2020-11-08 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37229",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T12:46:26.147299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T12:46:33.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OKI sPSV Port Manager",
"vendor": "Oki",
"versions": [
{
"status": "affected",
"version": "1.0.41"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Julio Avi\u00f1a"
}
],
"datePublic": "2020-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that will execute with LocalSystem privileges when the service restarts or the system reboots."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T15:25:47.184Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49005",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49005"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.oki.com/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://www.oki.com/mx/printing/download/sPSV_010041_2_270910.exe"
},
{
"name": "VulnCheck Advisory: OKI sPSV Port Manager 1.0.41 Unquoted Service Path Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/oki-spsv-port-manager-unquoted-service-path-privilege-escalation"
}
],
"title": "OKI sPSV Port Manager 1.0.41 Unquoted Service Path Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37229",
"datePublished": "2026-05-16T15:25:47.184Z",
"dateReserved": "2026-05-15T13:33:15.509Z",
"dateUpdated": "2026-05-18T12:46:33.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47887 (GCVE-0-2021-47887)
Vulnerability from nvd – Published: 2026-01-21 17:27 – Updated: 2026-01-22 16:51
VLAI
Title
Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path
Summary
OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Print Job Accounting\' to inject malicious executables and escalate privileges.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49623 | exploit |
| https://web.archive.org/web/20211207181409/https:… | product |
| https://www.vulncheck.com/advisories/print-job-ac… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OKI | Print Job Accounting |
Affected:
4.4.10
|
Date Public
2021-03-07 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47887",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T16:46:48.734844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:51:20.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Print Job Accounting",
"vendor": "OKI",
"versions": [
{
"status": "affected",
"version": "4.4.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Rodriguez"
}
],
"datePublic": "2021-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in \u0027C:\\Program Files\\Okidata\\Print Job Accounting\\\u0027 to inject malicious executables and escalate privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T17:27:54.343Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49623",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49623"
},
{
"name": "Archived OKI Product Webpage",
"tags": [
"product"
],
"url": "https://web.archive.org/web/20211207181409/https://www.oki.com/me/printing/services-and-solutions/smart-solutions/print-job-accounting/index.html"
},
{
"name": "VulnCheck Advisory: Print Job Accounting 4.4.10 - \u0027OkiJaSvc\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/print-job-accounting-okijasvc-unquoted-service-path"
}
],
"title": "Print Job Accounting 4.4.10 - \u0027OkiJaSvc\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47887",
"datePublished": "2026-01-21T17:27:54.343Z",
"dateReserved": "2026-01-18T12:35:05.173Z",
"dateUpdated": "2026-01-22T16:51:20.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47884 (GCVE-0-2021-47884)
Vulnerability from nvd – Published: 2026-01-21 17:27 – Updated: 2026-03-05 01:29
VLAI
Title
Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path
Summary
OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject malicious executables and escalate privileges.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49624 | exploit |
| https://web.archive.org/web/20211207181409/https:… | product |
| https://www.vulncheck.com/advisories/configuratio… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OKI | Configuration Tool |
Affected:
1.6.53
|
Date Public
2021-03-07 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47884",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T16:46:52.754568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:51:30.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Configuration Tool",
"vendor": "OKI",
"versions": [
{
"status": "affected",
"version": "1.6.53"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:iu_configuration_tool:1.6.53:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Rodriguez"
}
],
"datePublic": "2021-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in \u0027C:\\Program Files\\Okidata\\Common\\extend3\\portmgrsrv.exe\u0027 to inject malicious executables and escalate privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:29:06.727Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49624",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49624"
},
{
"name": "Archived OKI Product Webpage",
"tags": [
"product"
],
"url": "https://web.archive.org/web/20211207181409/https://www.oki.com/me/printing/services-and-solutions/smart-solutions/print-job-accounting/index.html"
},
{
"name": "VulnCheck Advisory: Configuration Tool 1.6.53 - \u0027OpLclSrv\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/configuration-tool-oplclsrv-unquoted-service-path"
}
],
"title": "Configuration Tool 1.6.53 - \u0027OpLclSrv\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47884",
"datePublished": "2026-01-21T17:27:53.348Z",
"dateReserved": "2026-01-18T12:35:05.173Z",
"dateUpdated": "2026-03-05T01:29:06.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37229 (GCVE-0-2020-37229)
Vulnerability from cvelistv5 – Published: 2026-05-16 15:25 – Updated: 2026-05-18 12:46
VLAI
Title
OKI sPSV Port Manager 1.0.41 Unquoted Service Path Privilege Escalation
Summary
OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that will execute with LocalSystem privileges when the service restarts or the system reboots.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49005 | exploit |
| https://www.oki.com/ | product |
| https://www.oki.com/mx/printing/download/sPSV_010… | product |
| https://www.vulncheck.com/advisories/oki-spsv-por… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Oki | OKI sPSV Port Manager |
Affected:
1.0.41
|
Date Public
2020-11-08 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37229",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T12:46:26.147299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T12:46:33.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OKI sPSV Port Manager",
"vendor": "Oki",
"versions": [
{
"status": "affected",
"version": "1.0.41"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Julio Avi\u00f1a"
}
],
"datePublic": "2020-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that will execute with LocalSystem privileges when the service restarts or the system reboots."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T15:25:47.184Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49005",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49005"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.oki.com/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://www.oki.com/mx/printing/download/sPSV_010041_2_270910.exe"
},
{
"name": "VulnCheck Advisory: OKI sPSV Port Manager 1.0.41 Unquoted Service Path Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/oki-spsv-port-manager-unquoted-service-path-privilege-escalation"
}
],
"title": "OKI sPSV Port Manager 1.0.41 Unquoted Service Path Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37229",
"datePublished": "2026-05-16T15:25:47.184Z",
"dateReserved": "2026-05-15T13:33:15.509Z",
"dateUpdated": "2026-05-18T12:46:33.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47887 (GCVE-0-2021-47887)
Vulnerability from cvelistv5 – Published: 2026-01-21 17:27 – Updated: 2026-01-22 16:51
VLAI
Title
Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path
Summary
OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Print Job Accounting\' to inject malicious executables and escalate privileges.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49623 | exploit |
| https://web.archive.org/web/20211207181409/https:… | product |
| https://www.vulncheck.com/advisories/print-job-ac… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OKI | Print Job Accounting |
Affected:
4.4.10
|
Date Public
2021-03-07 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47887",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T16:46:48.734844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:51:20.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Print Job Accounting",
"vendor": "OKI",
"versions": [
{
"status": "affected",
"version": "4.4.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Rodriguez"
}
],
"datePublic": "2021-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in \u0027C:\\Program Files\\Okidata\\Print Job Accounting\\\u0027 to inject malicious executables and escalate privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T17:27:54.343Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49623",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49623"
},
{
"name": "Archived OKI Product Webpage",
"tags": [
"product"
],
"url": "https://web.archive.org/web/20211207181409/https://www.oki.com/me/printing/services-and-solutions/smart-solutions/print-job-accounting/index.html"
},
{
"name": "VulnCheck Advisory: Print Job Accounting 4.4.10 - \u0027OkiJaSvc\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/print-job-accounting-okijasvc-unquoted-service-path"
}
],
"title": "Print Job Accounting 4.4.10 - \u0027OkiJaSvc\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47887",
"datePublished": "2026-01-21T17:27:54.343Z",
"dateReserved": "2026-01-18T12:35:05.173Z",
"dateUpdated": "2026-01-22T16:51:20.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47884 (GCVE-0-2021-47884)
Vulnerability from cvelistv5 – Published: 2026-01-21 17:27 – Updated: 2026-03-05 01:29
VLAI
Title
Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path
Summary
OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject malicious executables and escalate privileges.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49624 | exploit |
| https://web.archive.org/web/20211207181409/https:… | product |
| https://www.vulncheck.com/advisories/configuratio… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OKI | Configuration Tool |
Affected:
1.6.53
|
Date Public
2021-03-07 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47884",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T16:46:52.754568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:51:30.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Configuration Tool",
"vendor": "OKI",
"versions": [
{
"status": "affected",
"version": "1.6.53"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:iu_configuration_tool:1.6.53:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Rodriguez"
}
],
"datePublic": "2021-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in \u0027C:\\Program Files\\Okidata\\Common\\extend3\\portmgrsrv.exe\u0027 to inject malicious executables and escalate privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:29:06.727Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49624",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49624"
},
{
"name": "Archived OKI Product Webpage",
"tags": [
"product"
],
"url": "https://web.archive.org/web/20211207181409/https://www.oki.com/me/printing/services-and-solutions/smart-solutions/print-job-accounting/index.html"
},
{
"name": "VulnCheck Advisory: Configuration Tool 1.6.53 - \u0027OpLclSrv\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/configuration-tool-oplclsrv-unquoted-service-path"
}
],
"title": "Configuration Tool 1.6.53 - \u0027OpLclSrv\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47884",
"datePublished": "2026-01-21T17:27:53.348Z",
"dateReserved": "2026-01-18T12:35:05.173Z",
"dateUpdated": "2026-03-05T01:29:06.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-200801-0123
Vulnerability from variot - Updated: 2024-02-22 22:42OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777. The OKI C5510MFP Printer is prone to an unauthorized-access vulnerability because it obtains configuration details and administrator passwords in an insecure manner. An attacker can exploit this issue to set arbitrary printer configuration settings and administrative passwords. The impact of a successful exploit will vary depending on the settings reconfigured.
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: OKI C5510MFP Configuration Interface Security Issues
SECUNIA ADVISORY ID: SA28553
VERIFY ADVISORY: http://secunia.com/advisories/28553/
CRITICAL: Less critical
IMPACT: Security Bypass, Exposure of sensitive information
WHERE:
From local network
OPERATING SYSTEM: OKI C5550MFP http://secunia.com/product/17253/
DESCRIPTION: Compass Security AG has reported two security issues in OKI C5510MFP, which can be exploited by malicious people to disclose sensitive information and to bypass certain security restrictions.
1) A security issue is caused due to the configuration of the printer being sent in clear text when connecting to TCP ports 5548 or 7777. This can be exploited to obtain the administration password by connecting to the affected ports.
2) The problem is that the password can be reset without authentication. This can be exploited to gain access to the configuration interface. Other versions may also be affected.
SOLUTION: Restrict network access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: Compass Security AG
ORIGINAL ADVISORY: http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200801-0123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "c5510mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "oki",
"version": "1.01"
},
{
"model": "c5510 mfp printer",
"scope": "eq",
"trust": 0.8,
"vendor": "oki printing",
"version": "cu h2.15 , pu 01.03.01 , system f/w 1.01 , web page 1.00"
},
{
"model": "c5510 mfp printer",
"scope": "eq",
"trust": 0.8,
"vendor": "oki printing",
"version": null
},
{
"model": "c5510 mfp printer",
"scope": "eq",
"trust": 0.6,
"vendor": "oki printing",
"version": "cu_h2.15"
},
{
"model": "c5510 mfp printer",
"scope": "eq",
"trust": 0.6,
"vendor": "oki printing",
"version": "system_fw_1.01"
},
{
"model": "c5510 mfp printer",
"scope": "eq",
"trust": 0.6,
"vendor": "oki printing",
"version": "web_page_1.00"
},
{
"model": "c5510 mfp printer",
"scope": "eq",
"trust": 0.6,
"vendor": "oki printing",
"version": "pu_01.03.01"
},
{
"model": "printing solutions c5510 mfp printer",
"scope": "eq",
"trust": 0.3,
"vendor": "oki",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "27339"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003966"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-325"
},
{
"db": "NVD",
"id": "CVE-2008-0374"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oki:c5510mfp_firmware:1.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oki:c5510mfp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0374"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adrian Leuenberger is credited with the discovery of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "27339"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-325"
}
],
"trust": 0.9
},
"cve": "CVE-2008-0374",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2008-0374",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-30499",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2008-0374",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-0374",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200801-325",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-30499",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30499"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003966"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-325"
},
{
"db": "NVD",
"id": "CVE-2008-0374"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777. The OKI C5510MFP Printer is prone to an unauthorized-access vulnerability because it obtains configuration details and administrator passwords in an insecure manner. \nAn attacker can exploit this issue to set arbitrary printer configuration settings and administrative passwords. The impact of a successful exploit will vary depending on the settings reconfigured. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nOKI C5510MFP Configuration Interface Security Issues\n\nSECUNIA ADVISORY ID:\nSA28553\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28553/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Exposure of sensitive information\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nOKI C5550MFP\nhttp://secunia.com/product/17253/\n\nDESCRIPTION:\nCompass Security AG has reported two security issues in OKI C5510MFP,\nwhich can be exploited by malicious people to disclose sensitive\ninformation and to bypass certain security restrictions. \n\n1) A security issue is caused due to the configuration of the printer\nbeing sent in clear text when connecting to TCP ports 5548 or 7777. \nThis can be exploited to obtain the administration password by\nconnecting to the affected ports. \n\n2) The problem is that the password can be reset without\nauthentication. This can be exploited to gain access to the\nconfiguration interface. Other versions may also be affected. \n\nSOLUTION:\nRestrict network access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\nCompass Security AG\n\nORIGINAL ADVISORY:\nhttp://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0374"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003966"
},
{
"db": "BID",
"id": "27339"
},
{
"db": "VULHUB",
"id": "VHN-30499"
},
{
"db": "PACKETSTORM",
"id": "62775"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-0374",
"trust": 3.6
},
{
"db": "BID",
"id": "27339",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "28553",
"trust": 1.8
},
{
"db": "SREASON",
"id": "3569",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003966",
"trust": 0.8
},
{
"db": "XF",
"id": "39775",
"trust": 0.6
},
{
"db": "XF",
"id": "5510",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080117 [CSNC] OKI C5510MFP PRINTER PASSWORD DISCLOSURE",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200801-325",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-30499",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62775",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30499"
},
{
"db": "BID",
"id": "27339"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003966"
},
{
"db": "PACKETSTORM",
"id": "62775"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-325"
},
{
"db": "NVD",
"id": "CVE-2008-0374"
}
]
},
"id": "VAR-200801-0123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-30499"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-22T22:42:05.608000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.okiprintingsolutions.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003966"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
},
{
"problemtype": "Sending important information in clear text (CWE-319) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30499"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003966"
},
{
"db": "NVD",
"id": "CVE-2008-0374"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/27339"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28553"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3569"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/486511/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39775"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0374"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/486511/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/39775"
},
{
"trust": 0.3,
"url": "http://www.okiprintingsolutions.com"
},
{
"trust": 0.3,
"url": "/archive/1/486511"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/17253/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28553/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30499"
},
{
"db": "BID",
"id": "27339"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003966"
},
{
"db": "PACKETSTORM",
"id": "62775"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-325"
},
{
"db": "NVD",
"id": "CVE-2008-0374"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-30499"
},
{
"db": "BID",
"id": "27339"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003966"
},
{
"db": "PACKETSTORM",
"id": "62775"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-325"
},
{
"db": "NVD",
"id": "CVE-2008-0374"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-01-22T00:00:00",
"db": "VULHUB",
"id": "VHN-30499"
},
{
"date": "2008-01-17T00:00:00",
"db": "BID",
"id": "27339"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003966"
},
{
"date": "2008-01-19T00:33:48",
"db": "PACKETSTORM",
"id": "62775"
},
{
"date": "2008-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-325"
},
{
"date": "2008-01-22T20:00:00",
"db": "NVD",
"id": "CVE-2008-0374"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-30499"
},
{
"date": "2016-07-06T14:17:00",
"db": "BID",
"id": "27339"
},
{
"date": "2024-02-22T00:54:00",
"db": "JVNDB",
"id": "JVNDB-2008-003966"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-325"
},
{
"date": "2024-01-25T20:41:45.390000",
"db": "NVD",
"id": "CVE-2008-0374"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-325"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OKI\u00a0C5510MFP\u00a0Printer\u00a0CU\u00a0 Vulnerability that allows administrator passwords to be obtained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003966"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-325"
}
],
"trust": 0.6
}
}
VAR-200801-0124
Vulnerability from variot - Updated: 2023-12-18 13:05Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors. An attacker can exploit this issue to set arbitrary printer configuration settings and administrative passwords. The impact of a successful exploit will vary depending on the settings reconfigured.
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: OKI C5510MFP Configuration Interface Security Issues
SECUNIA ADVISORY ID: SA28553
VERIFY ADVISORY: http://secunia.com/advisories/28553/
CRITICAL: Less critical
IMPACT: Security Bypass, Exposure of sensitive information
WHERE:
From local network
OPERATING SYSTEM: OKI C5550MFP http://secunia.com/product/17253/
DESCRIPTION: Compass Security AG has reported two security issues in OKI C5510MFP, which can be exploited by malicious people to disclose sensitive information and to bypass certain security restrictions.
1) A security issue is caused due to the configuration of the printer being sent in clear text when connecting to TCP ports 5548 or 7777. This can be exploited to obtain the administration password by connecting to the affected ports.
2) The problem is that the password can be reset without authentication. This can be exploited to gain access to the configuration interface. Other versions may also be affected.
SOLUTION: Restrict network access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: Compass Security AG
ORIGINAL ADVISORY: http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200801-0124",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "c5510 mfp printer",
"scope": "eq",
"trust": 1.0,
"vendor": "oki printing",
"version": "*"
},
{
"model": "c5510 mfp printer",
"scope": "eq",
"trust": 0.8,
"vendor": "oki printing",
"version": "cu h2.15"
},
{
"model": "c5510 mfp printer",
"scope": "eq",
"trust": 0.8,
"vendor": "oki printing",
"version": "pu 01.03.01"
},
{
"model": "c5510 mfp printer",
"scope": "eq",
"trust": 0.8,
"vendor": "oki printing",
"version": "system f/w 1.01"
},
{
"model": "c5510 mfp printer",
"scope": "eq",
"trust": 0.8,
"vendor": "oki printing",
"version": "and web page 1.00"
},
{
"model": "c5510 mfp printer",
"scope": null,
"trust": 0.6,
"vendor": "oki printing",
"version": null
},
{
"model": "printing solutions c5510 mfp printer",
"scope": "eq",
"trust": 0.3,
"vendor": "oki",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "27339"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003967"
},
{
"db": "NVD",
"id": "CVE-2008-0375"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-326"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oki_printing_solutions:c5510_mfp_printer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0375"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adrian Leuenberger",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-326"
}
],
"trust": 0.6
},
"cve": "CVE-2008-0375",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2008-0375",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-30500",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-0375",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200801-326",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-30500",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30500"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003967"
},
{
"db": "NVD",
"id": "CVE-2008-0375"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-326"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors. \nAn attacker can exploit this issue to set arbitrary printer configuration settings and administrative passwords. The impact of a successful exploit will vary depending on the settings reconfigured. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nOKI C5510MFP Configuration Interface Security Issues\n\nSECUNIA ADVISORY ID:\nSA28553\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28553/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Exposure of sensitive information\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nOKI C5550MFP\nhttp://secunia.com/product/17253/\n\nDESCRIPTION:\nCompass Security AG has reported two security issues in OKI C5510MFP,\nwhich can be exploited by malicious people to disclose sensitive\ninformation and to bypass certain security restrictions. \n\n1) A security issue is caused due to the configuration of the printer\nbeing sent in clear text when connecting to TCP ports 5548 or 7777. \nThis can be exploited to obtain the administration password by\nconnecting to the affected ports. \n\n2) The problem is that the password can be reset without\nauthentication. This can be exploited to gain access to the\nconfiguration interface. Other versions may also be affected. \n\nSOLUTION:\nRestrict network access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\nCompass Security AG\n\nORIGINAL ADVISORY:\nhttp://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0375"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003967"
},
{
"db": "BID",
"id": "27339"
},
{
"db": "VULHUB",
"id": "VHN-30500"
},
{
"db": "PACKETSTORM",
"id": "62775"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-0375",
"trust": 2.8
},
{
"db": "BID",
"id": "27339",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "28553",
"trust": 1.8
},
{
"db": "SREASON",
"id": "3569",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003967",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20080117 [CSNC] OKI C5510MFP PRINTER PASSWORD DISCLOSURE",
"trust": 0.6
},
{
"db": "XF",
"id": "39776",
"trust": 0.6
},
{
"db": "XF",
"id": "5510",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200801-326",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-30500",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62775",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30500"
},
{
"db": "BID",
"id": "27339"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003967"
},
{
"db": "PACKETSTORM",
"id": "62775"
},
{
"db": "NVD",
"id": "CVE-2008-0375"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-326"
}
]
},
"id": "VAR-200801-0124",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-30500"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:05:40.844000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.okiprintingsolutions.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003967"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30500"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003967"
},
{
"db": "NVD",
"id": "CVE-2008-0375"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/27339"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28553"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3569"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/486511/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39776"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0375"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0375"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/486511/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/39776"
},
{
"trust": 0.3,
"url": "http://www.okiprintingsolutions.com"
},
{
"trust": 0.3,
"url": "/archive/1/486511"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/17253/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28553/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30500"
},
{
"db": "BID",
"id": "27339"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003967"
},
{
"db": "PACKETSTORM",
"id": "62775"
},
{
"db": "NVD",
"id": "CVE-2008-0375"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-326"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-30500"
},
{
"db": "BID",
"id": "27339"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003967"
},
{
"db": "PACKETSTORM",
"id": "62775"
},
{
"db": "NVD",
"id": "CVE-2008-0375"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-326"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-01-22T00:00:00",
"db": "VULHUB",
"id": "VHN-30500"
},
{
"date": "2008-01-17T00:00:00",
"db": "BID",
"id": "27339"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003967"
},
{
"date": "2008-01-19T00:33:48",
"db": "PACKETSTORM",
"id": "62775"
},
{
"date": "2008-01-22T20:00:00",
"db": "NVD",
"id": "CVE-2008-0375"
},
{
"date": "2008-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-326"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-30500"
},
{
"date": "2016-07-06T14:17:00",
"db": "BID",
"id": "27339"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003967"
},
{
"date": "2018-10-15T21:59:11.563000",
"db": "NVD",
"id": "CVE-2008-0375"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-326"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-326"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OKI C5510MFP Printer CU Vulnerability to obtain administrator access rights",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003967"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-326"
}
],
"trust": 0.6
}
}