• Change language
    Change country

    Security vulnerabilities in our products

    01/11/22

    A security vulnerability has been identified in Kyocera Document Solutions’ MFPs and printers.

     

    Vulnerability description

    Three vulnerabilities have been identified:

    This vulnerability is subject to a situation where a third party can access the network.
    Vulnerability problems will not occur unless the environment is accessed by a third party.

    Vulnerability ID: JVN#46345126
    https://jvn.jp/jp/JVN46345126/

    1. Session Management Defects in Command Center Vulnerability (CVE-2022-41798
    A vulnerability that allows users to login without login authentication by forged cookies in an environment where the product is accessible through Command Center.

    2. Inadequate Authentication of Command Center (CVE-2022-41807
    In an usage environment where the product is accessible via Command Center, if a client (a malicious attacker's personal computer) issues a request to a server (the product) to change device settings using the Common Gateway Interface (CGI), configuration changes can be made without logging in to Command Center.

    3. Cross-site scripting vulnerability in Command Center (CVE-2022-41830
    In an usage environment where the product is accessible via Command Center, a vulnerability could allow an attacker to embed malicious JavaScript in a certificate by exploiting the ability to register, configure, and reference SSL/TLS certificates in the Command Center security settings. Therefore, when the equipment administrator logs in to the Command Center and references the SSL/TLS certificate, JavaScript is executed and the equipment administrator can be victimized.

    Please contact your services provider to apply the firmware that addresses the security vulnerability.

    Until the firmware is applied, please take the following workaround measures.

     

    Workaround

    Workaround 1

    To reduce the risk of information leakage and unauthorized use due to unauthorized access from outside, please use the multifunction copiers in an environment protected by a firewall or other means when connecting them to the Internet. This will block unauthorized access from outside via the Internet.

    Workaround 2

    It is recommended that the IP address of the multifunction copiers/printers be operated with a private IP address* set. If a global IP address is set, the risk of information leakage due to unauthorized access from outside increases.

    Products

    • List of Products.pdf (List of Products.pdf)
      • 80 KB
      • PDF

    We will update the contents of this page as necessary in the event of any changes.

    In addition, we are developing and marketing successors and new products with more advanced security functions. Please consider the successor products and new products for the safe protection of your information assets.

     

    Products affected by this vulnerability

    For information on how this vulnerability affects products developed, manufactured, and sold by Kyocera Document Solutions, please contact your local distributor where you purchased the product.

    Cookies and your privacy

    We use essential cookies to make interactions with our website easy and effective, statistical cookies for us to better understand how our website is used and marketing cookies to tailor advertising for you. You can select your cookie preferences using the 'Preferences' button below, or select 'I agree' to continue with all cookies.

    Cookie preferences

    We use cookies to make sure that our website is working properly or, occasionally, to provide a service on your request (such as managing your cookie preferences). These cookies are always active unless you set your browser to block them, which may prevent some parts of the website from working as expected.

    These cookies allow us to measure and improve the performance of our website.

    These cookies are only placed in case you give your consent. We use Marketing cookies to follow how you click and visit our websites in order to show you content based on your interests and to show you personalised advertisement. Currently you do not accept these cookies. Please check this box if you would like to.