PT-2023-8650 · Kyocera · Kyocera Device Manager

Jordan Hedges · Published 2023-12-22 · Updated 2024-01-19 · CVE-2023-50916

CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Kyocera Device Manager versions prior to 3.1.1213.0

Description: The issue is caused by incorrect restriction of a pathname to a limited-access directory. Exploitation may allow a remote attacker to bypass the authentication process. The vulnerability can be exploited by intercepting and modifying a request via a proxy, or by sending the request directly to the application endpoint, which allows UNC paths to be set for the backup location. Depending on the environment configuration, this could lead to NTLM credential relaying or cracking attacks.

Recommendations: For Kyocera Device Manager versions prior to 3.1.1213.0, update to version 3.1.1213.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the UNC path authentication feature until a patch is available. Avoid using the `\` (backslash) character in pathname configurations to minimize the risk of exploitation.
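As an added illustration of the mitigation the advisory points at (validating the backup location so that a UNC path cannot be set), the following Python check is example code written for this page; it is not Kyocera's code and makes no claim about how Device Manager validates paths internally. The allowed root directory, the function name and the rejection labels are assumptions. It goes beyond the backslash form named above: it also rejects forward-slash UNC notation, extended-prefix and device paths (`\\?\`, `\\.\`), relative paths, and `..` traversal, and it confines accepted paths to one local directory.

```python
from pathlib import PureWindowsPath

# Hypothetical local directory under which backups may be written.
ALLOWED_ROOT = PureWindowsPath(r"C:\ProgramData\BackupStore")

# Two leading separators, in either style, denote a UNC share or an
# extended/device path rather than a local directory.
_REMOTE_OR_DEVICE_PREFIXES = ("\\\\", "//", "\\/", "/\\")


def classify_backup_path(raw: str, allowed_root: PureWindowsPath = ALLOWED_ROOT) -> str:
    """Return "ok" if raw is an absolute local path inside allowed_root,
    otherwise a short rejection reason (labels are this example's own)."""
    if not raw or "\x00" in raw:
        return "empty-or-nul"
    candidate = raw.strip()
    # \\server\share, \\?\..., \\.\... and their forward-slash spellings can
    # reach a remote host or sidestep local checks, so reject them outright.
    if candidate.startswith(_REMOTE_OR_DEVICE_PREFIXES):
        return "unc-or-device-path"
    p = PureWindowsPath(candidate)
    # pathlib reports a UNC drive ("\\server\share") for any form the
    # textual prefix check did not catch.
    if p.drive.startswith("\\\\"):
        return "unc-or-device-path"
    # Require a drive letter and a root: "C:\dir" but not "C:dir" or "\dir".
    if not p.drive or not p.root:
        return "not-absolute-local"
    # Refuse dot segments instead of normalising them away.
    if any(part in (".", "..") for part in p.parts):
        return "traversal"
    # Case-insensitive containment check on the path components.
    candidate_parts = [part.lower() for part in p.parts]
    root_parts = [part.lower() for part in allowed_root.parts]
    if candidate_parts[: len(root_parts)] != root_parts:
        return "outside-allowed-root"
    return "ok"


if __name__ == "__main__":
    # Constructed sample inputs, including the UNC form the advisory describes.
    samples = [
        r"C:\ProgramData\BackupStore\daily",
        r"\\198.51.100.7\share\backup",
        "//198.51.100.7/share/backup",
        r"\\?\C:\ProgramData\BackupStore",
        r"C:\ProgramData\BackupStore\..\..\Windows",
        r"C:\Temp\backup",
        r"backups\daily",
    ]
    for sample in samples:
        print(f"{sample!r:50} -> {classify_backup_path(sample)}")
```

The check deliberately classifies rather than normalises: a backup location that needs `..` or a share prefix to express is treated as a configuration error, which is the behaviour the advisory's workaround (no backslash-based remote paths) aims for, while still allowing ordinary local subdirectories written with either separator.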


Weakness Enumeration: Path traversal

Related Identifiers: BDU:2024-01362, CVE-2023-50916

Affected Products: Kyocera Device Manager