A security vulnerability has been identified in KYOCERA Net Manager, a Document output management software provided by KYOCERA Document Solutions.
The following is an overview of the issue and how to resolve it. As of the date of publication of this notice, Kyocera said that it has not confirmed any attacks that take advantage of this vulnerability.
- Issue 1 – Leakage of user information
In environments where KYOCERA Net Manager is used, it is possible for non-administrators to obtain the hashes of usernames and passwords managed by the KYOCERA Net Manager print server. - Issue 2 – Leakage of Print Server file list
In environments where KYOCERA Net Manager is used, you can use the browser feature to see the directory structure of Print Server and Central Server of KYOCERA Net Manager. - Issue 3 – Leakage of user information
In environments where KYOCERA Net Manager is used, non-administrators can obtain the user list managed by Print Server and Central Server of KYOCERA Net Manager by opening URL. - Issue 4 – Remote code execution
In environments where KYOCERA Net Manager is used, you can execute remote code in Print Server without privileges.
Vulnerability number: CVE-2021-31769
KYOCERA Document Solutions offers updated software to address these security vulnerabilities and recommends that users upgrade to the latest version, 8.2, to ensure system security.
A list of affected products can be found here.
