Kyocera Device Manager CVE-2023-50916 Vulnerability Solution Update

12/22/23

Fairfield, NJ – This notice is to inform our customers that Kyocera Document Solutions America has received vulnerability information from the security service provider “Trustwave.”

Please contact your dealer, authorized reseller, or servicing agent for a product update if you have any questions or concerns about the security of your device.

Vulnerability description

Trustwave CVE-2023-50916

The reported vulnerability in Kyocera Device Manager is a path traversal to a UNC path (any shared network path). Path traversal is an attack on web applications. An attacker who intercepts the access can change the local path to a UNC path. Upon receiving the UNC path, Kyocera Device Manager will attempt to confirm the access and will then try to authenticate to the UNC path. The attacker may be able to exploit this UNC path authentication.

Risk summary

There is a risk of authentication information leakage. If the attacker successfully obtains the authentication information, they can gain unauthorized access to clients’ accounts, steal data, or carry out malicious activities on Kyocera products.

NOTE: The attacker must be on the same network as the Kyocera Device Manager to exploit this vulnerability.

Countermeasure

There is no workaround; the issue will be addressed by an update.

Kyocera is scheduled to release a security update on December 22nd, 2023. The update will implement a validation function: if a path is changed to an invalid path, the invalid path is ignored and the original valid path remains applied.
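The validation behavior described above can be sketched as follows. This is an added example, not Kyocera's code: the advisory does not define "invalid path", so the rule used here (reject UNC and device paths, and, going beyond the UNC case, anything outside one local root) and the names `ALLOWED_ROOT`, `is_valid_local_path` and `apply_path_update` are assumptions.

```python
import ntpath  # Windows path semantics on any OS, so the check runs offline anywhere

# Assumption: backups must stay under one local root. The advisory does not
# define "invalid path"; this root and the function names are hypothetical.
ALLOWED_ROOT = r"C:\KDM\Backups"


def is_valid_local_path(path: str, root: str = ALLOWED_ROOT) -> bool:
    """Accept only absolute drive-letter paths located under `root`."""
    if not path or "\x00" in path:
        return False
    # Windows treats '/' and '\' alike, so //host/share is also a UNC path.
    norm = ntpath.normpath(path.strip().replace("/", "\\"))
    # Two leading separators mean UNC (\\host\share) or a device namespace
    # (\\?\UNC\host\share, \\.\...). Opening one can trigger authentication.
    if norm.startswith("\\\\"):
        return False
    drive, tail = ntpath.splitdrive(norm)
    if len(drive) != 2 or drive[1] != ":" or not tail.startswith("\\"):
        return False  # relative or drive-relative (C:foo) path
    root_norm = ntpath.normpath(root).lower()
    try:
        # normpath already collapsed "..", so this is a true containment test.
        return ntpath.commonpath([norm.lower(), root_norm]) == root_norm
    except ValueError:  # paths on different drives
        return False


def apply_path_update(current: str, requested: str) -> str:
    """Return the path to store: the requested one if valid, else the original."""
    if is_valid_local_path(requested):
        return ntpath.normpath(requested.strip().replace("/", "\\"))
    return current  # invalid request is ignored; the valid path stays applied


if __name__ == "__main__":
    current = r"C:\KDM\Backups\daily"
    # Constructed sample requests, not taken from the advisory.
    for req in [r"C:\KDM\Backups\2023", r"\\fileserver.example\share",
                "//fileserver.example/share", r"C:\KDM\Backups\..\..\Windows"]:
        print(f"{req!r:45} -> {apply_path_update(current, req)!r}")
```

The check runs on the server side, after any client-side input handling, because the advisory's scenario is a path altered in transit.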

Please contact your dealer, authorized reseller, or servicing agent to confirm if your device is affected and for information on how to apply any necessary updates.

This security vulnerability requires an attacker to be logged in and have direct access to your network in order to exploit it and pose a real risk. Contact the Hotline for information on how to secure the devices on your network and apply firmware updates.

 

About Kyocera Document Solutions America, Inc.

Kyocera Document Solutions America, Inc. is a group company of Kyocera Document Solutions Inc., a global leading provider of total document solutions based in Osaka, Japan. The company’s portfolio includes reliable and eco-friendly MFPs and printers, as well as business applications and consultative services which enable customers to optimize and manage their document workflow, reaching new heights of efficiency. With professional expertise and a culture of empathetic partnership, the objective of the company is to help organizations put knowledge to work to drive change.

Kyocera Document Solutions Inc. is a group company of Kyocera Corporation (Kyocera), a leading supplier of semiconductor packages, industrial and automotive components, electronic devices, smart energy systems, printers, copiers, and mobile phones. During the year ended March 31, 2023, the Kyocera Group’s consolidated sales revenue totaled 2 trillion yen (approx. US$15.1 billion). Kyocera is ranked #672 on Forbes magazine’s 2023 “Global 2000” list of the world’s largest publicly traded companies, and has been named by The Wall Street Journal among “The World’s 100 Most Sustainably Managed Companies.”
