A security vulnerability in Kyocera’s Device Manager product, tracked as CVE-2023-50916, has been disclosed, presenting a risk of exploitation by malicious actors to carry out harmful activities on affected systems. Trustwave revealed that the flaw allows attackers to manipulate authentication attempts toward their own resources, such as a malicious SMB share, potentially capturing or relaying Active Directory hashed credentials.
Described as a path traversal issue, the vulnerability enables attackers to intercept and modify a local path pointing to the backup location of the database to a universal naming convention (UNC) path. This manipulation triggers the web application to authenticate the rogue UNC path, resulting in unauthorized access to clients’ accounts and data theft, with the potential for NTLM relay attacks depending on the environment configuration.
Kyocera promptly addressed the security flaw in the Device Manager by releasing version 3.1.1213.0, resolving the identified shortcomings and safeguarding against potential exploits. The vulnerability, if left unaddressed, could have serious implications, allowing attackers to compromise sensitive data and conduct unauthorized activities on affected systems.
Trustwave’s disclosure emphasizes the importance of promptly updating and patching software to mitigate security risks, highlighting the proactive measures taken by Kyocera to protect users from potential threats. The resolution of the vulnerability reflects the ongoing efforts within the cybersecurity community to address and neutralize potential risks to ensure the integrity and security of software applications.