CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50916
https://notcve.org/view.php?id=CVE-2023-50916
10 Jan 2024 — Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to... • https://www.kyoceradocumentsolutions.us/en/about-us/pr-and-award-certifications/press/kyocera-device-manager-cve-2023-50196-vulnerability-solution-update.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •