Security vulnerabilities have been identified in Kyocera Document Solutions’ MFPs and printers.
Three vulnerabilities have been identified.
These vulnerabilities can be exploited only in a situation where a third party can access the network.
They will not cause problems unless the environment is accessed by a third party.
Vulnerability ID: JVN#46345126
1. Session Management Defects in Command Center (CVE-2022-41798)
A vulnerability that allows users to log in without authentication by using forged cookies, in an environment where the product is accessible through Command Center.
2. Inadequate Authentication of Command Center (CVE-2022-41807)
In a usage environment where the product is accessible via Command Center, if a client (a malicious attacker's personal computer) sends a request to a server (the product) to change device settings using the Common Gateway Interface (CGI), configuration changes can be made without logging in to Command Center.
3. Cross-site scripting vulnerability in Command Center (CVE-2022-41830)
Please contact your service provider to apply the firmware that addresses the security vulnerability.
Until the firmware is applied, please take the following workaround measures.
To reduce the risk of information leakage and unauthorized use due to unauthorized access from outside, please use the multifunction copiers in an environment protected by a firewall or other means when connecting them to the Internet. This will block unauthorized access from outside via the Internet.
We recommend operating the multifunction copiers/printers with a private IP address* assigned. If a global IP address is set, the risk of information leakage due to unauthorized access from outside increases.
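One way to check the private IP address recommendation across a fleet is to audit the device inventory. This is an added example, not part of Kyocera's advisory. It assumes "private" means the RFC 1918 IPv4 ranges or IPv6 unique local addresses, and the device names and addresses in the sample inventory are constructed.

```python
import csv
import io
import ipaddress

# Assumption: "private" = RFC 1918 IPv4 ranges or IPv6 unique local (RFC 4193).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample inventory. 203.0.113.0/24 and 2001:db8::/32 are
# documentation ranges standing in for real public addresses.
SAMPLE_INVENTORY = """\
name,ip
mfp-floor1,192.168.10.21
mfp-floor2,172.32.0.5
printer-lobby,203.0.113.10
printer-lab,169.254.7.9
mfp-annex,fd12:3456:789a::21
mfp-branch,2001:db8::10
printer-old,10.0.0.300
"""

def classify(ip_text):
    """Return 'private', 'global', 'review' or 'invalid' for one address."""
    try:
        addr = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return "invalid"          # typo in the inventory, e.g. an octet > 255
    if any(addr in net for net in PRIVATE_NETS):
        return "private"
    if addr.is_link_local or addr.is_loopback or addr.is_unspecified:
        return "review"           # e.g. 169.254.x.x: device never got a lease
    # Anything else is treated as reachable from outside until shown otherwise.
    # Note 172.32.0.5: just outside 172.16.0.0/12, often mistaken for private.
    return "global"

def audit(inventory_csv):
    """Map each device name to the classification of its address."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["name"]: classify(row["ip"]) for row in rows}

def needs_action(inventory_csv):
    """Devices that do not meet the private-address recommendation."""
    return sorted(n for n, c in audit(inventory_csv).items() if c != "private")

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name:15} {status}")
```

Devices reported as "global" are the ones to move behind the firewall or readdress first, and to prioritise for the firmware update.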
We will update the contents of this page as necessary in the event of any changes.
In addition, we are developing and marketing successors and new products with more advanced security functions. Please consider the successor products and new products for the safe protection of your information assets.
For information on how this vulnerability affects products developed, manufactured, and sold by Kyocera Document Solutions, please contact your local distributor where you purchased the product.