JVNDB-2023-001493

[Japanese]
JVNDB-2023-001493
Multiple mobile printing apps for Android vulnerable to improper intent handling
Overview
Multiple mobile printing apps for Android are vulnerable to improper intent handling (CWE-668). Johan Francsics reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 5.0 (Medium) [Other] Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality Impact: Low Integrity Impact: Low Availability Impact: None
Affected Products

Olivetti SpA Android app "Olivetti Mobile Print" v3.2.0.230119 and earlier TA Triumph-Adler GmbH Android app "UTAX/TA MobilePrint" v3.2.0.230119 and earlier KYOCERA Document Solutions Android app "KYOCERA Mobile Print" v3.2.0.230119 and earlier

Impact
When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification.
Solution
[Update the Software] Update the affected app to the latest version according to the information provided by the developer.
Vendor Information
Olivetti SpA Olivetti SpA : Olivetti Mobile Print - Apps on Google Play (in Japanese) TA Triumph-Adler GmbH TA Triumph-Adler GmbH : TA/UTAX Mobile Print - Apps on Google Play (in Japanese) KYOCERA Document Solutions KYOCERA Document Solutions Inc. : KYOCERA Mobile Print for Android Security Vulnerability KYOCERA Document Solutions Inc. : KYOCERA Mobile Print - Apps on Google Play (in Japanese)
CWE (What is CWE?)
Exposure of Resource to Wrong Sphere(CWE-668) [Other]
CVE (What is CVE?)
CVE-2023-25954
References
JVN : JVNVU#98434809
Revision History
[2023/04/13] Web page was published


Date Public	2023/04/11
Date First Published	2023/04/13
Date Last Updated	2023/04/13

Multiple mobile printing apps for Android vulnerable to improper intent handling