
Recently, it has been discovered that Kyocera’s Device Manager harbours a security vulnerability, opening the door for potential malicious activities on compromised systems.

“This vulnerability allows attackers to coerce authentication attempts to their own resources, such as a malicious SMB share, to capture or relay Active Directory hashed credentials if the ‘Restrict NTLM: Outgoing NTLM traffic to remote servers’ security policy is not enabled,” according to Trustwave.

Last month, Kyocera issued a warning about the vulnerability, tracked as CVE-2023-50916. The advisory describes it as a path traversal issue that allows attackers to intercept a local path pointing to the database backup location and change it to a UNC path.

Consequently, the web app attempts to authenticate to the manipulated UNC path, potentially resulting in data theft and unauthorized access to client accounts. Moreover, depending on the environment’s configuration, this vulnerability could open the door to NTLM relay attacks.

The good news is that version 3.1.1213.0 of Kyocera Device Manager addresses and resolves this issue.
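The flaw described above depends on the application acting on a backup path that is no longer local. The following is an added example, not Kyocera's code or its actual fix: a server-side check that accepts only local drive paths and refuses UNC and device paths before anything touches the file system. The function names, the drive allow-list and the sample paths are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: backups may only be written to these local, non-mapped drives.
ALLOWED_DRIVES = {"C:", "D:"}
_DRIVE_RE = re.compile(r"^[A-Za-z]:$")


def validate_backup_path(raw: str) -> str:
    """Return a normalised local Windows path, or raise ValueError.

    Meant to run on the server against the value it actually received,
    since the path can be changed after it leaves the browser.
    """
    if not raw or "\x00" in raw:
        raise ValueError("empty path or embedded NUL")
    # Windows accepts '/' as a separator, so //host/share is UNC as well.
    norm = raw.strip().replace("/", "\\")
    # Two leading separators mean UNC (\\host\share) or a device namespace
    # (\\?\UNC\host\share, \\.\pipe\name); none of these is a local folder.
    if norm.startswith("\\\\"):
        raise ValueError("UNC or device path rejected")
    p = PureWindowsPath(norm)
    if not _DRIVE_RE.match(p.drive) or not p.root:
        raise ValueError("absolute path with a drive letter required")
    if p.drive.upper() not in ALLOWED_DRIVES:
        raise ValueError("drive not in allow-list")
    if ".." in p.parts:
        raise ValueError("parent-directory segments rejected")
    return str(p)


def classify(samples):
    """Map each sample to 'ok' or the rejection reason."""
    out = {}
    for s in samples:
        try:
            validate_backup_path(s)
            out[s] = "ok"
        except ValueError as exc:
            out[s] = str(exc)
    return out


if __name__ == "__main__":
    # Constructed sample inputs; host names and addresses are placeholders.
    SAMPLES = [r"C:\Backups\kdm", "//files.example.test/share",
               r"\\198.51.100.7\share", r"\\?\UNC\files.example.test\share",
               r"C:\Backups\..\Windows", r"E:\Backups"]
    for path, verdict in classify(SAMPLES).items():
        print(f"{path!r:45} {verdict}")
```

A drive letter mapped to a network share would still pass a syntax check like this one, which is why the allow-list is limited to drives known to be local.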

Updates for Multiple Issues Announced by QNAP

QNAP has recently announced updates addressing multiple issues, coinciding with the patching of various vulnerabilities. Critical fixes have been applied to QuMagie, Video Station, Netatalk, QTS, and QuTS hero.

One notable flaw, CVE-2023-39296, is a prototype pollution vulnerability that could allow remote attackers to “override existing attributes with ones that have an incompatible type, which may cause the system to crash.”

The problem has been addressed in the most recent versions of QTS and QuTS hero, namely 5.1.3.2578 and 20231110, respectively.

What follows is a synopsis of the other significant problems:

CVE-2023-47559: Addressed in QuMagie versions 2.2.1 and later, this vulnerability may allow authenticated users to inject malicious code via a network.

CVE-2023-47560: Found in QuMagie versions 2.2.1 and later, this vulnerability in the operating system could enable authorized users to execute commands remotely.

CVE-2023-41287: Addressed in Video Station versions 5.7.2 and later, this is an SQL injection vulnerability that allows users to insert malicious code over a network.

CVE-2023-41288: Video Station versions 5.7.2 and later are vulnerable to this operating system command injection issue. It could enable users to execute commands via a network.

CVE-2022-43634: Addressed in QTS 5.1.3.2578 build 20231110 and QuTS hero h5.1.3.2578 build 20231110, this vulnerability in Netatalk could allow an unauthenticated remote attacker to execute arbitrary code.

It’s advised that users update their installations to the latest versions to mitigate any potential risks, even though there’s no evidence suggesting these issues have been exploited in the wild.
