A newly published path traversal vulnerability could enable account takeover, data theft, and follow-on attacks at organizations using Kyocera printers and other multifunction devices.
Kyocera is a Japanese electronics manufacturer known for its multifunction printers.
As of 2021 it possessed around 7.8% of the global market share for printers in general, according to data from Statista.
On Dec. 22, the company acknowledged a vulnerability affecting its Device Manager Web application, which IT administrators use to manage one or more Kyocera office devices.
In a blog post published on Jan. 8, researchers from Trustwave SpiderLabs filled in the gaps for the bug they've labeled CVE-2023-50916.
CVE-2023-50916 allows an attacker to funnel Device Manager authentication attempts towards their own malicious server.
It has not yet been exploited in the wild, published by MITRE, or scored by the National Vulnerability Database.
Kyocera did not immediately respond to a request for comment from Dark Reading.
The issue underlying CVE-2023-50916 lies in a minor function of Kyocera Device Manager that lets admins configure the backup location of a database used by the app.
Naturally, the app expects a local path, that is, a directory on the local system.
With a Web interception proxy, or simply by sending the request directly to the application endpoint, an attacker can coerce the app into accepting a UNC path instead. An attacker who has set up their own server can then intercept the app's authentication attempt and obtain the credentials of the higher-privileged, service-level process that handles all of the Device Manager functionality.
Then they can pivot and move laterally through a network.
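The fix this class of bug calls for is to treat a "local backup directory" setting as exactly that: the validator below, an added example and not Kyocera's or Trustwave's code, rejects UNC and device-namespace paths (which would make the server authenticate to a remote host over SMB) and confines the resolved directory to one fixed base. The base directory `ALLOWED_BASE` and the hostnames in the checks are constructed placeholders, not values from the advisory.

```python
"""Hardened validation for a 'local backup directory' setting (added example).

A setting that must name a directory on the server itself cannot safely accept
any path string: a UNC path (\\\\host\\share) makes the Windows service connect
to that host over SMB and authenticate, exposing the service account's
credentials. This validator only accepts paths that stay under a fixed base.
"""
import ntpath

# Hypothetical base directory; the real product's location is not on the page.
ALLOWED_BASE = r"C:\ProgramData\ExampleDeviceManager\backup"


def is_remote_path(path: str) -> bool:
    """True for any path that would make Windows reach another host or a device
    namespace: \\\\host\\share, //host/share, \\\\?\\UNC\\host\\share, \\\\.\\dev.
    The Windows API treats / and \\ alike, so both separators are checked."""
    return path.replace("/", "\\").startswith("\\\\")


def validate_backup_dir(user_path: str, base: str = ALLOWED_BASE) -> tuple[bool, str]:
    """Return (True, canonical_path) if user_path is a directory under base,
    otherwise (False, reason). Relative input is resolved against base."""
    if not user_path or any(ord(c) < 32 for c in user_path):
        return False, "empty path or control characters"
    candidate = user_path.replace("/", "\\")
    if is_remote_path(candidate):
        return False, "UNC/device paths are not local directories"
    # Resolve '.' and '..' with Windows rules; relative input is anchored under
    # the base so it cannot name an arbitrary location on the server.
    candidate = ntpath.normpath(ntpath.join(base, candidate))
    drive, _ = ntpath.splitdrive(candidate)
    if len(drive) != 2 or drive[1] != ":" or not drive[0].isalpha():
        return False, "backup location must be on a local drive letter"
    # Compare case-insensitively, as NTFS does, and require the base as a
    # prefix on a directory boundary so 'backup2' does not pass for 'backup'.
    base_n = ntpath.normcase(ntpath.normpath(base))
    cand_n = ntpath.normcase(candidate)
    if cand_n != base_n and not cand_n.startswith(base_n + "\\"):
        return False, f"{candidate} is outside {base}"
    return True, candidate


if __name__ == "__main__":
    for sample in (r"nightly", r"\\remote-host.example\share\backup",
                   r"C:\ProgramData\ExampleDeviceManager\backup\..\..\Windows"):
        print(sample, "->", validate_backup_dir(sample))
```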
The issue is abated, in part, by the implicit need for an attacker to already have access to a company's network before attempting the interception.
For that reason, Sigler highlights the need for companies to properly segment their IT environments.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 09 Jan 2024 21:25:26 +0000