Nature of Vulnerability:
- Type: Path Traversal Vulnerability (CVE-2023-50916)
- Impact: Allows attackers logged onto the network to manipulate the backup database path.
- Exploitation: The application attempts to authenticate to the attacker-supplied path, potentially exposing hashed Active Directory credentials to the attacker.
Exploitation Details:
- Requirement: Attacker needs network access.
- Vulnerability Description: Attackers manipulate the backup database path submitted to the application.
- Safeguard Bypass: Kyocera had a safeguard, but it could be bypassed via web interception proxies or direct requests to the application endpoint.
- Authentication Information: Depending on IT settings, the authentication message might contain hashed Active Directory credentials (NTLM hashes), especially if NTLM traffic restriction policies are not enabled for remote servers.
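Because the safeguard could be skipped by a proxy or a direct request, the check has to run on the server for every request. The sketch below is an added example, not Kyocera's code: it rejects remote (UNC) paths, since a path on a remote server is what triggers the authentication message, and it rejects traversal outside an allowed directory. The root path and all function names are hypothetical.

```python
import ntpath
from pathlib import PureWindowsPath

# Hypothetical allowed location for backups; not a path taken from the product.
ALLOWED_ROOT = PureWindowsPath(r"C:\ProgramData\ExampleApp\Backups")


class BackupPathRejected(ValueError):
    """Raised when a submitted backup path fails server-side validation."""


def validate_backup_path(raw: str) -> PureWindowsPath:
    """Return the normalised path, or raise BackupPathRejected.

    Runs on the server for every request, so it still applies when the
    client-side check is skipped by a proxy or a direct request.
    """
    if not raw or "\x00" in raw:
        raise BackupPathRejected("empty path or embedded NUL")

    unified = raw.replace("/", "\\")
    # \\host\share, \\?\ and \\.\ forms all start with two backslashes.
    # Opening a remote share makes Windows authenticate to it (NTLM exposure).
    if unified.startswith("\\\\"):
        raise BackupPathRejected("UNC and device paths are not allowed")

    drive, rest = ntpath.splitdrive(unified)
    if not drive or not rest.startswith("\\"):
        raise BackupPathRejected("path must be absolute with a drive letter")

    # Collapse "." and ".." lexically before the containment check.
    normalised = PureWindowsPath(ntpath.normpath(unified))
    root_parts = [p.casefold() for p in ALLOWED_ROOT.parts]
    parts = [p.casefold() for p in normalised.parts]
    # Compare whole components so "BackupsEvil" does not match "Backups".
    if parts[: len(root_parts)] != root_parts:
        raise BackupPathRejected("path escapes the allowed backup directory")
    return normalised


def is_allowed(raw: str) -> bool:
    """Boolean wrapper around validate_backup_path for callers and tests."""
    try:
        validate_backup_path(raw)
        return True
    except BackupPathRejected:
        return False
```

The check is lexical only; it does not resolve junctions or symbolic links inside the allowed directory.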
Response:
- Patch Release: Kyocera addressed the vulnerability by releasing a patch in late December.
- Initial Disclosure: Trustwave researchers initially disclosed the flaw in a blog post.