Data compromise, NTLM relay attacks likely with Kyocera Device Manager bug

10 January 2024

Kyocera Device Manager instances impacted by the already patched path traversal vulnerability, tracked as CVE-2023-50916, could be targeted by threat actors to facilitate further malicious activity, including unauthorized account access and data exfiltration, reports The Hacker News. Attackers could also leverage the flaw, which could allow interception of a local path it could then change into a universal naming convention path that would be authenticated by the web app, to enable NTLM relay attacks, according to Kyocera, which has issued a fix for the security issue with Kyocera Device Manager version 3.1.1213.0.

Source: SC Magazine

Date:

10 January 2024

Categorie(s):

NEWS

Tag(s):

Data, Device Manager, IT, Kyocera, NTLM

Australia News live: Electric Fields crash out of Eurovision semi-final; half of NSW threatened species face extinction7 May 2024
#RSAC: Two-Thirds of Organizations Failing to Address AI Risks, ISACA Finds7 May 2024
Watch out for rogue DHCP servers decloaking your VPN connections7 May 2024
Major UK Security Provider Leaks Trove of Guard and Suspect Data7 May 2024
RSAC: Decoding US Government Plans to Shift the Software Security Burden7 May 2024