Security vulnerabilities in our products
A security vulnerability has been identified in Kyocera Document Solutions’ MFPs and printers. The following is an overview of the issue and how to resolve it. As of the date of publication of this notice, we have not confirmed any attacks that take advantage of this vulnerability.
Vulnerability description
Vulnerability number: JVN#46345126
https://jvn.jp/en/jp/JVN46345126/
- Session Management Defects in Command Center Vulnerability (CVE-2022-41798)
- Inadequate Authentication of Command Center (CVE-2022-41807)
- Cross-site scripting vulnerability in Command Center (CVE-2022-41830)
Countermeasures
Kyocera Document Solutions is providing firmware that addresses the security vulnerability. This vulnerability is not expected to have any impact unless it is introduced into the customer's network from the outside. Firewalls and other security measures are recommended.
Please contact the Kyocera Document Solutions sales company / partner in your region for information on changing the firmware.
Products affected by this vulnerability
For information on how this vulnerability affects products developed, manufactured, and sold by Kyocera Document Solutions, please contact your local distributor where you purchased the product.