Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks.
References
Configurations
History
21 Nov 2024, 08:37
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.kyoceradocumentsolutions.us/en/about-us/pr-and-award-certifications/press/kyocera-device-manager-cve-2023-50196-vulnerability-solution-update.html - Vendor Advisory | |
References | () https://www.trustwave.com/en-us/resources/security-resources/security-advisories/ - Third Party Advisory | |
References | () https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2024-001_kyocera-v2.txt - Exploit, Third Party Advisory |
19 Jan 2024, 17:49
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-10 19:15
Updated : 2024-11-21 08:37
NVD link : CVE-2023-50916
Mitre link : CVE-2023-50916
CVE.ORG link : CVE-2023-50916
JSON object : View
Products Affected
kyocera
- device_manager
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')