A security vulnerability has been identified in KYOCERA Net Manager a Document output management software provided by KYOCERA Document Solutions. The following is an overview of the issue and how to resolve it. As of the date of publication of this notice, we have not confirmed any attacks that take advantage of this vulnerability.
Vulnerability description
Issue 1. Leakage of user information
In environments where KYOCERA Net Manager is used, it is possible for
non-administrators to obtain the hashes of usernames and passwords managed by the KYOCERA Net Manager print server.
Issue 2. Leakage of Print Server file list
In environments where KYOCERA Net Manager is used, you can use the browser feature to see the directory structure of Print Server and Central Server of KYOCERA Net Manager.
Issue 3. Leakage of user information
In environments where KYOCERA Net Manager is used, non-administrators can obtain the user list managed by Print Server and Central Server of KYOCERA Net Manager by opening URL.
Issue 4. Remote code Execution
In environments where KYOCERA Net Manager is used, you can execute remote code in Print Server without privileges.
Vulnerability number: CVE-2021-31769
Countermeasures
KYOCERA Document Solutions offers updated software to address security vulnerabilities. We recommend that you upgrade to the latest version, 8.2, to ensure system security.
Please contact the Kyocera Document Solutions sales company / partner in your region for information on changing the software.
Products affected by this vulnerability
For more information on how this vulnerability affects products, please contact your local distributor where you purchased the product.
Click here for more information
