Security vulnerabilities in our document output management software

March 15, 2023

Security vulnerabilities have been identified in KYOCERA Net Manager, a document output management software product provided by KYOCERA Document Solutions. The following is an overview of the issues and how to resolve them. As of the date of publication of this notice, we have not confirmed any attacks that take advantage of these vulnerabilities.

Vulnerability description

Issue 1. Leakage of user information

In environments where KYOCERA Net Manager is used, it is possible for non-administrators to obtain the hashes of usernames and passwords managed by the KYOCERA Net Manager print server.

Issue 2. Leakage of Print Server file list

In environments where KYOCERA Net Manager is used, the browser feature can be used to view the directory structure of the Print Server and Central Server of KYOCERA Net Manager.

Vulnerability number: CVE-2023-27107

Issue 3. Leakage of user information

In environments where KYOCERA Net Manager is used, non-administrators can obtain the user list managed by the Print Server and Central Server of KYOCERA Net Manager by opening a URL.

Vulnerability number: CVE-2021-31769

Issue 4. Remote code execution

In environments where KYOCERA Net Manager is used, remote code execution is possible on the Print Server without privileges.

Vulnerability number: CVE-2021-31769

Countermeasures

KYOCERA Document Solutions offers updated software to address security vulnerabilities. We recommend that you upgrade to the latest version, 8.2, to ensure system security.

Please contact the Kyocera Document Solutions sales company / partner in your region for information on changing the software.

Products affected by this vulnerability

For more information on how this vulnerability affects products, please contact the local distributor from which you purchased the product.