Security Vulnerability in KYOCERA Device Manager

Paswoord vergeten?

Voer uw gebruikersnaam of e-mailadres in. We sturen u een e-mail met instructies voor het opnieuw instellen van uw wachtwoord. Als u uw gebruikersnaam bent vergeten, geen e-mail hebt ontvangen om uw wachtwoord opnieuw in te stellen of hulp nodig hebt, neem dan contact op met Kyocera Document Solutions Belgium.

A security vulnerability has been discovered in “KYOCERA Device Manager” a management tool provided by Kyocera Document Solutions Inc. that allows network administrators to centrally monitor devices such as MFPs and printers on the network.

The following is an overview of the issue and how to resolve it. As of the date of publication of this notice, we have not confirmed any attacks that take advantage of this vulnerability.

【Vulnerability description 】

The vulnerability allows a malicious attacker to tamper with a network shared folder path in aconfiguration that specifies a local folder path to back up the “KYOCERA Device database. This may enable you to obtain user authentication information.

However, an attacker must enter the same environment as the network on which “KYOCERA Device Manager” is running. In addition, knowing the credentials is a prerequisite and the risk of occurrence is considered low.

Vulnerability number: CVE-2023-50916 (CWE-40）

【Countermeasures 】

As a countermeasure, we provide a new "KYOCERA Device Manager" that addresses security vulnerability. Please install the latest software.

*This has been addressed in the "KYOCERA Device Manager" (version 3.1.1213.0).

【Products affected by this vulnerability 】

For more information on how this vulnerability, please contact our Helpdesk for Belgium and Luxembourg: https://care.kyoceradocumentsolutions.be/