Foi identificada uma vulnerabilidade de segurança no KYOCERA Net Manager um software de gestão de documentos fornecido pela KYOCERA Document Solutions. O seguinte é uma visão geral da questão e de como resolvê-la. A partir da data de publicação deste aviso, não confirmamos quaisquer ataques que tirem partido desta vulnerabilidade.
Vulnerability description
Issue 1. Leakage of user information
In environments where KYOCERA Net Manager is used, it is possible for
non-administrators to obtain the hashes of usernames and passwords managed by the KYOCERA Net Manager print server.
Issue 2. Leakage of Print Server file list
In environments where KYOCERA Net Manager is used, you can use the browser feature to see the directory structure of Print Server and Central Server of KYOCERA Net Manager.
Issue 3. Leakage of user information
In environments where KYOCERA Net Manager is used, non-administrators can obtain the user list managed by Print Server and Central Server of KYOCERA Net Manager by opening URL.
Issue 4. Remote code Execution
In environments where KYOCERA Net Manager is used, you can execute remote code in Print Server without privileges.
Vulnerability number: CVE-2021-31769
Countermeasures
KYOCERA Document Solutions offers updated software to address security vulnerabilities. We recommend that you upgrade to the latest version, 8.2, to ensure system security.
Please contact the Kyocera Document Solutions sales company / partner in your region for information on changing the software.
Products affected by this vulnerability
For more information on how this vulnerability affects products, please contact your local distributor where you purchased the product.
Click here for more information
