Kyocera Device Manager appears to contain serious security flaws
Kyocera’s Device Manager software, which allows IT managers to monitor and manage large numbers of Kyocera printers and multifunction devices, contained a vulnerability that could have been exploited by hackers and other threat actors, said Jordan Hedges, Senior Technical Specialist at Trustwave SpiderLab.
In a technical article posted on Trustwave websitethe company explained that the flaw “allows attackers to force authentication attempts on their own resources, such as a malicious SMB share, to capture or pass hashed Active Directory credentials if the security policy ‘Restrict NTLM: Outbound NTLM traffic to remote servers’ is set. not turned on.”
The vulnerability is now listed as CVE-2023-50916 and is described as a path traversal issue that could allow attackers to intercept and modify the local path pointing to the database backup location to a Universal Path (UNC) path. Naming Convention).
Patched endpoints
As a result, the app will attempt to authenticate the malicious UNC path, giving attackers access to customer accounts and sensitive data. Hedges also explained that the attackers could even exploit the flaw to conduct NTLM relay attacks, if the environment’s configuration allows it.
Kyocera has addressed the issue by releasing a patch, so those interested in keeping their endpoints secure should make sure their Device Manager has version 3.1.1213.0.
There is no evidence that the bug is being exploited in the wild, but when news of a patch breaks, threat actors typically begin scanning the internet for vulnerable endpoints. Since many IT teams fail to keep their systems continuously up to date, the risk of exploitation is now even greater than when the flaw was a zero-day.
“We value vendors like Kyocera for their transparency and commitment to security,” Trustwave concluded.