Kyocera Device Manager instances affected by the already-patched path traversal vulnerability tracked as CVE-2023-50916 could be targeted by threat actors to facilitate further malicious activity, including unauthorized account access and data exfiltration, The Hacker News reports. According to Kyocera, the flaw could allow attackers to intercept a local path and change it into a Universal Naming Convention (UNC) path that would be authenticated by the web app, enabling NTLM relay attacks. Kyocera has issued a fix for the security issue in Kyocera Device Manager version 3.1.1213.0.
Source: SC Magazine