Security Vulnerability in Our MFPs (Updated)

April 04, 2022
April 05, 2022: Published in the CVE database

A security vulnerability has been identified in Kyocera Document Solutions’ MFPs. The following is an overview of the issue and how to resolve it. As of the date of publication of this notice, we have not confirmed any attacks that take advantage of this vulnerability.

Vulnerability description

Vulnerability number: CVE-2022-1026

https://www.cve.org/CVERecord?id=CVE-2022-1026

When the SOAP-based Enhanced WSD protocol is used, the device may respond without user authentication and allow the registered address book data to be retrieved, even when the device has been configured to require user authentication.

Countermeasures

Kyocera will provide firmware for MFPs to prevent access to the address book. This vulnerability is not expected to have any impact unless there is an external intrusion into the customer's network. Security measures such as a firewall are recommended. Please disable the Enhanced WSD protocol and enable the Enhanced WSD over SSL protocol.

Please contact the Kyocera Document Solutions sales company / partner in your region for information on changing the firmware.

Products affected by this vulnerability

Please refer to the following for information on the impact of this vulnerability on products developed, manufactured, and offered by Kyocera Document Solutions. For details and affected models, please contact the distributor in the region where you purchased the product.