CVE-2023-50916
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks.
Kyocera Device Manager anterior a 3.1.1213.0 permite la exposición de credenciales NTLM durante la autenticación de ruta UNC mediante un cambio manipulado de una ruta local a una ruta UNC. Permite a los administradores configurar la ubicación de la copia de seguridad de la base de datos utilizada por la aplicación. Se rechaza el intento de cambiar esta ubicación a una ruta UNC a través de la GUI debido al uso de un carácter \ (backslash), que se supone no está permitido en un nombre de ruta. Interceptar y modificar esta solicitud a través de un proxy, o enviar la solicitud directamente al endpoint de la aplicación, permite establecer rutas UNC para la ubicación de la copia de seguridad. Una vez establecida dicha ubicación, Kyocera Device Manager intenta confirmar el acceso e intentará autenticarse en la ruta UNC; Dependiendo de la configuración del entorno, esto puede autenticarse en la UNC con hashes NTLM de Windows. Esto podría permitir la retransmisión de credenciales NTLM o ataques de cracking.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-12-15 CVE Reserved
- 2024-01-10 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-11-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://www.trustwave.com/en-us/resources/security-resources/security-advisories | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2024-001_kyocera-v2.txt | 2024-08-02 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Kyocera Search vendor "Kyocera" | Device Manager Search vendor "Kyocera" for product "Device Manager" | < 3.1.1213.0 Search vendor "Kyocera" for product "Device Manager" and version " < 3.1.1213.0" | - |
Affected
|