KYOCERA Document Solutions
Security Vulnerability in KYOCERA Device Manager (Updated)
A security vulnerability has been discovered in “KYOCERA Device Manager” a management tool provided by Kyocera Document Solutions Inc. that allows network administrators to centrally monitor devices such as MFPs and printers on the network. The following is an overview of the issue and how to resolve it. As of the date of publication of this notice, we have not confirmed any attacks that take advantage of this vulnerability.
Vulnerability description
The vulnerability allows a malicious attacker to tamper with a network shared folder path in a configuration that specifies a local folder path to back up the “KYOCERA Device Manager” database. This may enable you to obtain user authentication information.
However, an attacker must enter the same environment as the network on which “KYOCERA Device Manager” is running. In addition, knowing the credentials is a prerequisite and the risk of occurrence is considered low.
Vulnerability number: CVE-2023-50916 (CWE-22)
Countermeasures
As a countermeasure, we provide a new "KYOCERA Device Manager" that addresses security vulnerability. Please install the latest driver.
*This has been addressed in the "KYOCERA Device Manager" (version 3.1.1213.0).
Products affected by this vulnerability
For more information on how this vulnerability, please contact the Sales Company in the region where you purchased the equipment.
Inquiries
Customers except within EU
KYOCERA Document Solutions Inc., Corporate Communication Section
Customers within EU
KYOCERA Document Solutions Europe B.V.
Kyocera Document Solutions Inc. ensures adherence to local data protection regulations. We have detected that your inquiry comes from within the EU. Therefore, due to the EU's General Data Protection Regulation, please note that your request will be forwarded to our regional headquarter: Kyocera Document Solutions Europe.
| * | This article is current, as of the date of publication. |
