Fairfield, NJ – This notice is to inform our customers that Kyocera Document Solutions America, Inc. has identified the following vulnerability in Kyocera Net Manager (KNM).
Please contact your dealer, authorized reseller, or servicing agent for a product update if you have any questions or concerns about the security of your device.
Vulnerability description
CVE-2024-22076
This vulnerability was identified in KNM. There is an unauthenticated remote code execution: Since an attacker can edit PHP script for KNM, they can execute an unauthenticated code remotely.
Risk summary
By executing unauthenticated code remotely, there is a risk for data leakage and malicious operation in the web application.
NOTE: The attacker must be on the same network as the KNM to exploit this vulnerability.
Countermeasure
Kyocera released an update patch (SWSO-0161) on February 17th, 2024, to address the unauthenticated remote code execution issue.
Please contact your dealer, authorized reseller, or servicing agent to confirm if your device is affected and for information on how to apply any necessary updates.
This security vulnerability requires an attacker to be logged in and have direct access to your network in order to take advantage and pose a real risk. Contact the Hotline for information on how to secure the devices on your network and apply firmware updates.
About Kyocera Document Solutions America, Inc.
Kyocera Document Solutions America, Inc. is a group company of Kyocera Document Solutions Inc., a global leading provider of total document solutions based in Osaka, Japan. The company’s portfolio includes reliable and eco-friendly MFPs and printers, as well as business applications and consultative services which enable customers to optimize and manage their document workflow, reaching new heights of efficiency. With professional expertise and a culture of empathetic partnership, the objective of the company is to help organizations put knowledge to work to drive change.
Kyocera Document Solutions Inc. is a group company of Kyocera Corporation (Kyocera), a leading supplier of semiconductor packages, industrial and automotive components, electronic devices, smart energy systems, printers, copiers, and mobile phones. During the year ended March 31, 2023, the Kyocera Group’s consolidated sales revenue totaled 2 trillion yen (approx. US$15.1 billion). Kyocera is ranked #672 on Forbes magazine’s 2023 “Global 2000” list of the world’s largest publicly traded companies, and has been named by The Wall Street Journal among “The World’s 100 Most Sustainably Managed Companies.”