2024-01-09

The web-based device manager tool from multi-function printer (MFP) device and software provider Kyocera Document Solutions, used to manage large printer fleets in mid-to-large sized enterprises, contains a path traversal vulnerability, according to Trustwave.

Tracked as CVE-2023-50916, the vulnerability allows an attacker to intercept the request and change the local path that the web application stores as its backup location to a Universal Naming Convention (UNC) path, so that the application attempts to authenticate to an attacker-controlled share.

While a local path refers to the location of a file or directory on the local file system of a specific computer, a UNC path specifies the location of a shared resource on a network.

“Upon receiving the UNC path, Kyocera Device Manager will attempt to confirm the access and then will try to authenticate the UNC path,” Kyocera said in a security update. “The attacker can possibly exploit UNC path authentication.”

The attacker must be on the same network as the Kyocera Device Manager to exploit this vulnerability.

Using an interception proxy for path traversal

The Kyocera Device Manager administrative application allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path through the GUI is rejected by the application, because backslashes (“\”) are disallowed in the path, according to Trustwave.
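The defensive lesson from this bug is that the backslash filter in the GUI is a client-side check, so the server must validate the backup location on the value it actually receives. The following is an added example, written for this article and not code from Kyocera or Trustwave, of such a server-side validator: it rejects UNC paths written with either separator, collapses `..` segments, and confines the result to an allow-listed root (`ALLOWED_BACKUP_ROOT` is a placeholder, not the product's real directory).

```python
import ntpath
import re

# Hypothetical allow-list root (placeholder, not Kyocera's real data directory).
ALLOWED_BACKUP_ROOT = r"C:\ProgramData\BackupRoot"


class InvalidBackupPath(ValueError):
    """Raised when a requested backup location fails server-side validation."""


def validate_backup_path(candidate: str, allowed_root: str = ALLOWED_BACKUP_ROOT) -> str:
    """Return a normalised absolute local path under allowed_root, or raise.

    Runs on the server, on the value actually received, so editing the request
    after the GUI's client-side filter (e.g. in an interception proxy) does not help.
    """
    if not candidate or "\x00" in candidate:
        raise InvalidBackupPath("empty path or embedded NUL")
    # Windows accepts '/' as a separator too, so a filter that only looks for
    # '\' is incomplete: fold both forms before any further check.
    path = candidate.replace("/", "\\")
    # Two leading separators name a network or device resource (\\host\share,
    # \\?\UNC\host\share, \\.\device); none of them is a local backup directory.
    if path.startswith("\\\\"):
        raise InvalidBackupPath("UNC and device paths are not allowed")
    path = ntpath.normpath(path)  # collapses '.' and '..' segments
    drive, tail = ntpath.splitdrive(path)
    if not re.fullmatch(r"[A-Za-z]:", drive) or not tail.startswith("\\"):
        raise InvalidBackupPath("backup location must be an absolute local drive path")
    root = ntpath.normcase(ntpath.normpath(allowed_root))
    probe = ntpath.normcase(path)
    # Containment: the path is the root itself or lies strictly beneath it.
    if probe != root and not probe.startswith(root + "\\"):
        raise InvalidBackupPath("backup location escapes the allowed directory")
    return path


def is_safe_backup_path(candidate: str, allowed_root: str = ALLOWED_BACKUP_ROOT) -> bool:
    """Accept/reject wrapper for callers that do not need the reason."""
    try:
        validate_backup_path(candidate, allowed_root)
        return True
    except InvalidBackupPath:
        return False


if __name__ == "__main__":  # constructed samples, as they might arrive after tampering
    for sample in (r"C:\ProgramData\BackupRoot\nightly", r"\\untrusted-host\backup",
                   "//untrusted-host/backup", r"C:\ProgramData\BackupRoot\..\..\Windows"):
        print(f"{sample!r:48} -> {is_safe_backup_path(sample)}")
```

Because the check is applied to the stored value rather than to what the GUI displays, the same validator should run again wherever the backup job reads the configured path, not only when it is saved.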