[Japanese]

JVNDB-2023-001493

Multiple mobile printing apps for Android vulnerable to improper intent handling

Overview

Multiple mobile printing apps for Android are vulnerable to improper intent handling (CWE-668).

Johan Francsics reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 5.0 (Medium) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
Affected Products


Olivetti
  • Android app "Olivetti Mobile Print" v3.2.0.230119 and earlier
TA Triumph-Adler GmbH
  • Android app "UTAX/TA MobilePrint" v3.2.0.230119 and earlier
KYOCERA Document Solutions
  • Android app "KYOCERA Mobile Print" v3.2.0.230119 and earlier

Impact

When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification.
Solution

[Update the Software]
Update the affected app to the latest version according to the information provided by the developer.
Vendor Information

Olivetti SpA TA Triumph-Adler GmbH KYOCERA Document Solutions
CWE (What is CWE?)

  1. Exposure of Resource to Wrong Sphere(CWE-668) [Other]
CVE (What is CVE?)

  1. CVE-2023-25954
References

  1. JVN : JVNVU#98434809
  2. National Vulnerability Database (NVD) : CVE-2023-25954
Revision History

  • [2023/04/13]
      Web page was published
  • [2024/05/30]
      References : Content was added

Date Public2023/04/11
Date First Published2023/04/13
Date Last Updated2024/05/30