Security vulnerabilities in our company document output management software

March 15, 2023 Security Information

A security vulnerability has been identified in KYOCERA Net Manager a Document output management software provided by KYOCERA Document Solutions. The following is an overview of the issue and how to resolve it. As of the date of publication of this notice, we have not confirmed any attacks that take advantage of this vulnerability.

Vulnerability description

Issue 1. Leakage of user information

In environments where KYOCERA Net Manager is used, it is possible for non-administrators to obtain the hashes of usernames and passwords managed by the KYOCERA Net Manager print server.

Issue 2. Leakage of Print Server file list

In environments where KYOCERA Net Manager is used, you can use the browser feature to see the directory structure of Print Server and Central Server of KYOCERA Net Manager.

Vulnerability number: CVE-2023-27107

Issue 3. Leakage of user information

In environments where KYOCERA Net Manager is used, non-administrators can obtain the user list managed by Print Server and Central Server of KYOCERA Net Manager by opening URL.

Vulnerability number: CVE-2021-31769

Issue 4. Remote code Execution

In environments where KYOCERA Net Manager is used, you can execute remote code in Print Server without privileges.

Vulnerability number: CVE-2021-31769

Countermeasures

KYOCERA Document Solutions offers updated software to address security vulnerabilities. We recommend that you upgrade to the latest version, 8.2, to ensure system security.

Please contact the Kyocera Document Solutions sales company / partner in your region for information on changing the software.

Products affected by this vulnerability

For more information on how this vulnerability affects products, please contact your local distributor where you purchased the product.

Inquiries

Customers except within EU

KYOCERA Document Solutions Inc., Corporate Communication Section

Mail

Customers within EU

KYOCERA Document Solutions Europe B.V.

Mail

Kyocera Document Solutions Inc. ensures adherence to local data protection regulations. We have detected that your inquiry comes from within the EU. Therefore, due to the EU's General Data Protection Regulation, please note that your request will be forwarded to our regional headquarter: Kyocera Document Solutions Europe.

*This article is current, as of the date of publication.

Put knowledge to work.

Kyocera Document Solutions has championed innovative technology since 1934. We enable our customers to turn information into knowledge, excel at learning and surpass others. With professional expertise and a culture of empathetic partnership, we help organizations put knowledge to work to drive change.