Security vulnerabilities in our products

November 01, 2022

A security vulnerability has been identified in Kyocera Document Solutions’ MFPs and printers. The following is an overview of the issue and how to resolve it. As of the date of publication of this notice, we have not confirmed any attacks that take advantage of this vulnerability.

Vulnerability description

Vulnerability number: JVN#46345126

https://jvn.jp/en/jp/JVN46345126/

  1. Session Management Defects in Command Center Vulnerability (CVE-2022-41798)
  2. Inadequate Authentication of Command Center (CVE-2022-41807)
  3. Cross-site scripting vulnerability in Command Center (CVE-2022-41830)

Countermeasures

Kyocera Document Solutions is providing firmware that addresses the security vulnerability. This vulnerability is not expected to have any impact unless it is introduced into the customer's network from the outside. Firewalls and other security measures are recommended.

Please contact the Kyocera Document Solutions sales company / partner in your region for information on changing the firmware.

Products affected by this vulnerability

For information on how this vulnerability affects products developed, manufactured, and sold by Kyocera Document Solutions, please contact your local distributor where you purchased the product.