Kyocera Printers Open to Path Traversal Attacks
Path Traversal Flaw Allows Malicious Actors to Exploit Kyocera's Device Manager
Researchers found a path traversal vulnerability in Kyocera's Device Manager product, which is used for overseeing large printer fleets in mid- to large-sized enterprises.
The U.S. subsidiary of the Japanese company's office imaging division said exploiting the vulnerability requires an attacker to be logged onto a network "in order to take advantage and pose a real risk."
Researchers at cybersecurity firm Trustwave first disclosed the flaw in a Monday blog post. Kyocera released a patch in late December.
The vulnerability, tracked as CVE-2023-50916, is a path traversal flaw. Attackers can change the local path for the backup database, prompting the print manager software to confirm access and authenticate to the path.
Trustwave said Kyocera had a safeguard in place: the software GUI rejects attempts to redefine the backup database path if the new address has a slash in it, in other words, if the new path points to a networked resource addressed via the Universal Naming Convention (UNC) standard. Researchers got around the restriction by using a web interception proxy or by sending the new path request directly to the application endpoint.
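The bypass described above is the classic client-side-only check: the GUI refuses the path, but the endpoint behind it accepts whatever arrives. As an added illustration of the fix for that class of defect (example code written for this page, not Kyocera's or Trustwave's), the Python below places the unchecked pattern beside a server-side validator that canonicalises the requested location with Windows path semantics, refuses UNC and URI-style targets, and confines the result to an allowed base directory. The function names, the base directory and every input are constructed for illustration.

```python
import ntpath


class InvalidBackupPath(ValueError):
    """Raised when a requested backup location fails server-side validation."""


def is_unc_or_remote(raw: str) -> bool:
    """True for UNC targets (\\\\server\\share or //server/share) and URI-style
    targets (smb://, file://, ...). Checked before any normalisation so that
    nothing rewrites the prefix first."""
    s = raw.strip()
    if s.startswith(("\\\\", "//")):
        return True
    if "://" in s:
        return True
    drive, _ = ntpath.splitdrive(s)
    return drive.startswith(("\\\\", "//"))


def set_backup_path_unchecked(requested: str) -> str:
    """Vulnerable pattern (constructed): the only guard lived in the GUI, so the
    endpoint stores whatever it receives. A request that skips the GUI can thus
    point the backup location at a share the service will try to authenticate to."""
    return requested


def set_backup_path_hardened(requested: str, allowed_base: str) -> str:
    """Hardened pattern (constructed): validate again on the server, independent
    of the GUI, and return the canonical path that will actually be stored."""
    if is_unc_or_remote(requested):
        raise InvalidBackupPath("remote or UNC backup locations are not permitted")
    # Resolve '..' segments and mixed slashes before the containment check;
    # normcase makes the comparison case-insensitive as Windows paths are.
    base = ntpath.normcase(ntpath.normpath(allowed_base)).rstrip("\\")
    candidate = ntpath.normpath(ntpath.join(allowed_base, requested))
    if not ntpath.normcase(candidate).startswith(base + "\\"):
        raise InvalidBackupPath(f"backup location must stay under {allowed_base}")
    return candidate


def backup_path_allowed(requested: str, allowed_base: str) -> bool:
    """Convenience predicate: True only if the hardened validator accepts."""
    try:
        set_backup_path_hardened(requested, allowed_base)
    except InvalidBackupPath:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: the kind of values an endpoint might receive.
    BASE = "C:\\Backups"
    samples = [
        "db.bak",                      # ordinary file under the base
        "nightly/db.bak",              # forward slashes, still under the base
        "..\\..\\Windows\\db.bak",     # traversal out of the base
        "D:\\other\\db.bak",           # different local drive
        "\\\\fileserver\\share\\db",   # UNC target (rejected)
        "//fileserver/share/db",       # UNC with forward slashes (rejected)
    ]
    for s in samples:
        print(f"unchecked -> {set_backup_path_unchecked(s)!r}")
        print(f"hardened  -> allowed={backup_path_allowed(s, BASE)}")
```

The unchecked function is kept deliberately trivial to make the point that a GUI rule is not a server-side rule. The hardened version rejects remote targets before normalisation because `ntpath.normpath` preserves a UNC prefix rather than removing it, so the order of the two checks matters.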
With the new path established to an attacker-controlled networked resource, the Kyocera software responds by authenticating to the path. Trustwave said that, depending on the IT environment, the authentication message includes hashed Active Directory credentials. The NTLM hashes would be included if Windows administrators did not enable the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy.