Kyocera’s Device Manager product [1] [2] [3] [4] [5] [6] [7] [8], used to manage large printer fleets in mid- to large-sized enterprises [1] [6], contained a security vulnerability that attackers could have exploited [2] [8], according to a Senior Technical Specialist at Trustwave SpiderLabs [2] [8].

Description

The flaw, tracked as CVE-2023-50916 [1] [2] [3] [5] [6] [8], allowed attackers who were already authenticated on the network to exploit the system. By intercepting and altering the local path that points to the database backup location [5], an attacker could gain unauthorized access to client accounts and steal data; the same weakness could also be used for NTLM relay attacks. Kyocera had implemented a safeguard to prevent the backup database path from being redefined [1], but the researchers bypassed it using a web interception proxy or by sending a new path request directly to the application endpoint [1]. Trustwave SpiderLabs expects the vulnerability to be rated medium severity, with a base score of around 5.6 [4]. In response, Kyocera released a patch [1] [2] [3] [4] [6] [8], version 3.1.1213.0 [2] [3] [5] [7] [8], in late December to address the issue. Users should promptly update and patch their Device Manager software to mitigate the risk.
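The bypass described above works because the only guard sits in the client, so a proxied or hand-built request reaches the endpoint unchecked. The following is an added example of the server-side validation that closes that gap; it is not Kyocera’s code, and the base directory, function names and sample paths are assumptions.

```python
from pathlib import PureWindowsPath

# Assumed base directory (not from the advisory): the only place the service
# may write database backups.
ALLOWED_BASE = PureWindowsPath(r"C:\ProgramData\DeviceManager\Backups")


def set_backup_path_unsafe(requested: str) -> str:
    """Weak pattern: the only guard is in the web UI, so a request sent
    straight to the endpoint (or edited in a proxy) is stored unchanged."""
    return requested


def _lexical_resolve(p: PureWindowsPath) -> PureWindowsPath:
    """Collapse '.' and '..' components without touching the filesystem."""
    kept = []
    for part in (p.parts[1:] if p.anchor else p.parts):
        if part == "..":
            if not kept:
                raise ValueError("traversal above the root")
            kept.pop()
        elif part != ".":
            kept.append(part)
    return PureWindowsPath(p.anchor, *kept)


def set_backup_path_hardened(requested: str) -> str:
    """Enforce the policy on the server, where the client cannot bypass it."""
    if requested.startswith(("\\\\", "//")):
        # A UNC path (\\host\share) would make the service authenticate to a
        # remote host, which is the NTLM relay scenario noted above.
        raise ValueError("UNC paths are not allowed")
    p = PureWindowsPath(requested)
    if p.drive.startswith("\\\\"):
        raise ValueError("UNC paths are not allowed")
    if not p.drive and not p.root:          # bare relative name: anchor it
        p = ALLOWED_BASE.joinpath(p)
    elif p.drive.lower() != ALLOWED_BASE.drive.lower() or not p.root:
        raise ValueError("path must be absolute and on the backup drive")
    resolved = _lexical_resolve(p)
    if resolved != ALLOWED_BASE and ALLOWED_BASE not in resolved.parents:
        raise ValueError("backup path escapes the allowed directory")
    return str(resolved)


def accepts(validator, requested: str) -> bool:
    """True if the validator stores the path instead of rejecting it."""
    try:
        validator(requested)
        return True
    except ValueError:
        return False
```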

Conclusion

This incident highlights the ongoing efforts in the cybersecurity community to address and neutralize potential risks [3]. Users should take immediate action to update and patch their Device Manager software to minimize the impact of this vulnerability. It also underscores the importance of implementing robust security measures to protect sensitive data in enterprise environments.

References

[1] https://www.inforisktoday.com/kyocera-printers-open-to-path-traversal-attacks-a-24063
[2] https://www.bom-post.com/2024/01/09/kyocera-device-manager-found-to-have-serious-security-flaws/
[3] https://cybermaterial.com/kyocera-security-flaw-resolved/
[4] https://www.darkreading.com/vulnerabilities-threats/path-traversal-bug-kyocera-office-printers
[5] https://owasp.or.id/2024/01/09/new-vulnerabilities-discovered-in-qnap-and-kyocera-device-manager/
[6] https://ciso2ciso.com/kyocera-printers-open-to-path-traversal-attacks-source-www-govinfosecurity-com/
[7] https://tonernews.com/forums/topic/alert-new-vulnerabilities-discovered-in-qnap-and-kyocera-device-manager/
[8] https://www.techradar.com/pro/security/kyocera-device-manager-found-to-have-serious-security-flaws