// For flags

CVE-2023-50916

 

Severity Score

7.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks.

Kyocera Device Manager anterior a 3.1.1213.0 permite la exposición de credenciales NTLM durante la autenticación de ruta UNC mediante un cambio manipulado de una ruta local a una ruta UNC. Permite a los administradores configurar la ubicación de la copia de seguridad de la base de datos utilizada por la aplicación. Se rechaza el intento de cambiar esta ubicación a una ruta UNC a través de la GUI debido al uso de un carácter \ (backslash), que se supone no está permitido en un nombre de ruta. Interceptar y modificar esta solicitud a través de un proxy, o enviar la solicitud directamente al endpoint de la aplicación, permite establecer rutas UNC para la ubicación de la copia de seguridad. Una vez establecida dicha ubicación, Kyocera Device Manager intenta confirmar el acceso e intentará autenticarse en la ruta UNC; Dependiendo de la configuración del entorno, esto puede autenticarse en la UNC con hashes NTLM de Windows. Esto podría permitir la retransmisión de credenciales NTLM o ataques de cracking.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-12-15 CVE Reserved
  • 2024-01-10 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-08-02 First Exploit
  • 2024-11-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Kyocera
Search vendor "Kyocera"
Device Manager
Search vendor "Kyocera" for product "Device Manager"
< 3.1.1213.0
Search vendor "Kyocera" for product "Device Manager" and version " < 3.1.1213.0"
-
Affected