Fairfield, NJ – This notice is to inform our customers that Kyocera Document Solutions America has received vulnerability information from the security service provider “Trustwave.”
Please contact your dealer, authorized reseller, or servicing agent for a product update if you have any questions or concerns about the security of your device.
The reported vulnerability in Kyocera Device Manager is a path traversal vulnerability involving UNC paths (any shared network path). Path traversal is an attack on web applications. An attacker who intercepts the access can change the local path to a UNC path. Upon receiving the UNC path, Kyocera Device Manager will attempt to confirm the access and then will try to authenticate to the UNC path. The attacker can possibly exploit this UNC path authentication.
There is a risk of authentication information leakage. If the attacker successfully obtains the authentication information, they can gain unauthorized access to clients’ accounts, steal data, or carry out malicious activities on the Kyocera product.
NOTE: The attacker must be on the same network as the Kyocera Device Manager to exploit this vulnerability.
There is no workaround; the issue will be addressed by an update.
Kyocera is scheduled to release a security update on December 22nd, 2023. The update will implement a validation function: if a path is changed to an invalid path, the invalid path is ignored and the original valid path is still applied.
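The behavior described above (ignore an invalid path, keep the original valid one) can be sketched as follows. This is an added example, not Kyocera's code: the update's actual validation rules are not given in this notice, so the rule set (drive-letter absolute paths only, no UNC or device prefixes, no `..` components), the function names `validate_local_path` and `apply_path_change`, and the sample paths are all assumptions.

```python
import re
from pathlib import PureWindowsPath
from typing import Optional

# Assumed policy: only absolute drive-letter paths such as C:\dir are accepted.
_DRIVE_ABSOLUTE = re.compile(r"^[A-Za-z]:\\")


def validate_local_path(candidate: str) -> Optional[str]:
    """Return the normalized path if it is a local drive-letter path, else None."""
    if not candidate or "\x00" in candidate:
        return None
    # Windows accepts '/' as a separator, so //host/share is also a UNC path.
    normalized = candidate.replace("/", "\\")
    # A leading double separator covers \\host\share, \\?\UNC\host\share
    # and \\.\ device paths, all of which leave the local file system.
    if normalized.startswith("\\\\"):
        return None
    if not _DRIVE_ABSOLUTE.match(normalized):
        return None
    # pathlib does not collapse '..', so parent references stay visible here.
    if ".." in PureWindowsPath(normalized).parts:
        return None
    return normalized


def apply_path_change(current: str, requested: str) -> str:
    """Ignore an invalid requested path and keep the current valid one."""
    validated = validate_local_path(requested)
    return validated if validated is not None else current


if __name__ == "__main__":
    current = r"C:\KDM\data"  # constructed sample value
    for requested in (r"\\host.example\share", "//host.example/share",
                      r"\\?\UNC\host.example\share", r"D:\Archive\kdm"):
        print(f"{requested!r:35} -> {apply_path_change(current, requested)!r}")
```

A drive letter mapped to a network share still passes a string check like this one, so blocking outbound SMB from the server remains a useful second control.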
Please contact your dealer, authorized reseller, or servicing agent to confirm if your device is affected and for information on how to apply any necessary updates.
This security vulnerability requires an attacker to be logged in and have direct access to your network in order to take advantage and pose a real risk. Contact the Hotline for information on how to secure the devices on your network and apply firmware updates.
About Kyocera Document Solutions America, Inc.
Kyocera Document Solutions America, Inc. is a group company of Kyocera Document Solutions Inc., a global leading provider of total document solutions based in Osaka, Japan. The company’s portfolio includes reliable and eco-friendly MFPs and printers, as well as business applications and consultative services which enable customers to optimize and manage their document workflow, reaching new heights of efficiency. With professional expertise and a culture of empathetic partnership, the objective of the company is to help organizations put knowledge to work to drive change.
Kyocera Document Solutions Inc. is a group company of Kyocera Corporation (Kyocera), a leading supplier of semiconductor packages, industrial and automotive components, electronic devices, smart energy systems, printers, copiers, and mobile phones. During the year ended March 31, 2023, the Kyocera Group’s consolidated sales revenue totaled 2 trillion yen (approx. US$15.1 billion). Kyocera is ranked #672 on Forbes magazine’s 2023 “Global 2000” list of the world’s largest publicly traded companies, and has been named by The Wall Street Journal among “The World’s 100 Most Sustainably Managed Companies.”