Skip to main content

0 replies

Kyocera Printers Open to Path Traversal Attacks

Art PostArt PostAdmin VIP

Nature of Vulnerability:

  • Type: Path Traversal Vulnerability (CVE-2023-50916)
  • Impact: Allows attackers logged onto the network to manipulate the backup database path.
  • Exploitation: Attackers can authenticate the path, potentially gaining access to hashed Active Directory credentials.

Exploitation Details:

  • Requirement: Attacker needs network access.
  • Vulnerability Description: Attackers alter the backup database path through manipulation.
  • Safeguard Bypass: Kyocera had a safeguard, but it could be bypassed via web interception proxies or direct requests to the application endpoint.
  • Authentication Information: Depending on IT settings, the authentication message might contain hashed Active Directory credentials (NTLM hashes), especially if NTLM traffic restriction policies are not enabled for remote servers.

Response:

  • Patch Release: Kyocera addressed the vulnerability by releasing a patch in late December.
  • Initial Disclosure: Trustwave researchers initially disclosed the flaw in a blog post.

If you like something I've posted please feel free to click the "like" button!

Original Post

Add Reply

Post

Membership Required

We're sorry. You must be signed in to continue. Sign In or Register
×
Are you sure you want to remove from your Block List?
×
Loading...
×
When you block a person, they can no longer invite you to a private message or post to your profile wall. Replies and comments they make will be collapsed/hidden by default. Finally, you'll never receive email notifications about content they create or likes they designate for your content.
Note: if you proceed, you will no longer be following .
×
Advanced Search
Advanced Search
Link copied to your clipboard.
×

Access to this requires a premium membership.

VIP/Premium Membership

A Premium Membership can carry you to the top of the sales ladder!

Premium Membership Includes:

  • Access to the Premium forums (I'm not going to post all of my secrets in the general forums, but I will post them in the Premium forums).
  • Unlimited downloads of all documents which include competitive proposals, Print4Pay Hotels "Pricing on the Street", competitive quotes, competitive sales orders, RFP's/RFQ's and word/xcel documents that I've created that will help you track your sales, self help sales documents, and much more!
  • As long as you're a Premium Member, you can lean on me for additional help with creative ideas of how to close the deal, add additional value with a third party solution, whatever you need in order to help WIN the deal!
  • Leads, every now and then I'll get a few leads from across the country, this is due the lead generation site I created and all the blogs I've written. A Premium Membership will enable you to receive these leads.

Follow the link on the forums to get your Premium Membership. If you're interested in a lifetime membership please send me an email arthurkpost@gmail.com and we'll send you a pay pal invoice of $399 of a LIFETIME Print4Pay Hotel membership.

$115.00 per 12 Months (plus tax if applicable)
×