
KYOCERA Command Center RX (CCRX) Security Vulnerability

We would like to inform you that a security vulnerability has been confirmed in KYOCERA Command Center RX (hereinafter referred to as "CCRX"). CCRX allows users to check and change various settings of multifunction devices provided by Kyocera Document Solutions over the network.

The following is an overview of the issue and how to resolve it. As of the date of publication of this notice, we have not confirmed any attacks that take advantage of this vulnerability. 
 

【Vulnerability description】

1. Path Traversal 

CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.  

Vulnerability number: CVE-2023-34259

2. Denial of Service (DoS) 

CCRX has a vulnerability that allows a DoS attack to make it unusable. By manipulating the value of the file path, an attacker may cause CCRX to become unresponsive.

Vulnerability number: CVE-2023-34260

3. User Enumeration

By making many login attempts at the CCRX login, an attacker can determine whether a given login username exists in the device's database.

Vulnerability number: CVE-2023-34261
 

【Countermeasures】

As a countermeasure, we provide firmware that controls the paths managed by CCRX. Please contact your local distributor to apply the firmware. 

To protect against the "3. User Enumeration" vulnerability, CCRX already has a feature that prevents this attack, so we strongly recommend enabling the account lock function in CCRX. The account lock function is explained in detail in the User Manual. If the account lock function is configured properly, usernames and passwords are not compromised, because an attacker cannot keep attacking continuously.
 

【Affected Products】 


Color MFPs:
TASKalfa 8353ci, TASKalfa 7353ci, TASKalfa 7054ci, TASKalfa 6054ci, TASKalfa 5054ci, TASKalfa 4054ci, TASKalfa 3554ci, TASKalfa 2554ci, TASKalfa 6053ci, TASKalfa 5053ci, TASKalfa 4053ci, TASKalfa 3253ci, TASKalfa 2553ci, TASKalfa 508ci, TASKalfa 408ci, TASKalfa 358ci, TASKalfa 406ci, TASKalfa 356ci, TASKalfa 308ci, TASKalfa 307ci, TASKalfa 306ci, ECOSYS MA2100cwfx, ECOSYS MA2100cfx, TASKalfa Pro 15000c
 

Monochrome MFPs:
TASKalfa 9003i, TASKalfa 8003i, TASKalfa 7003i, TASKalfa 7004i, TASKalfa 6004i, TASKalfa 5004i, TASKalfa 6003i, TASKalfa 5003i, ECOSYS MA6000ifx, ECOSYS MA5500ifx, ECOSYS MA4500ifx, ECOSYS MA4500fx, ECOSYS MA4500ix, ECOSYS MA4500x, TASKalfa MZ4000i, TASKalfa MZ3200i, TASKalfa 4012i, TASKalfa 3212i, TASKalfa 3011i, TASKalfa 3511i, TASKalfa 2201, TASKalfa 2200, TASKalfa 1801, TASKalfa 1800, TASKalfa 2321, TASKalfa 2321/A, TASKalfa 2320, TASKalfa 2021, TASKalfa 2020, TASKalfa Pro 15000c/B, ECOSYS M3660idn, ECOSYS M3655idn, ECOSYS M3655idn/A, ECOSYS M3645idn, ECOSYS M3145idn, ECOSYS M3645dn, ECOSYS M3145dn, ECOSYS M3860idn, ECOSYS M3860idnf 
 

Color printers:
ECOSYS P8060cdn, ECOSYS PA2100cwx, ECOSYS PA2100cx


Monochrome printers:
ECOSYS PA6000x, ECOSYS PA5500x, ECOSYS PA5000x, ECOSYS PA4500x, ECOSYS P40050x, ECOSYS P4060dn


【Products affected by this vulnerability】 

For more information on how this vulnerability affects products, please contact your local distributor where you purchased the product. 
